Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.20.142.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.20.142.210 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.108.60.202 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.108.60.202 |
Source: unknown | TCP traffic detected without corresponding DNS query: 104.108.60.202 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.90.22.191 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: 00000003.00000002.592799411.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000003.00000002.592799411.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000000.00000002.360073804.0000000003FDD000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.360073804.0000000003FDD000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000003.00000002.599041317.0000000005960000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000003.00000002.598672636.00000000054F0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000003.00000002.597422084.00000000041A7000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: ORDER PMX-PT-2001 STOCK+NOVO.exe PID: 7136, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: ORDER PMX-PT-2001 STOCK+NOVO.exe PID: 7136, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: MSBuild.exe PID: 4544, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: MSBuild.exe PID: 4544, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.MSBuild.exe.5960000.4.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 3.2.MSBuild.exe.54f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.MSBuild.exe.5960000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE08B0 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE0099 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE183D |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE3074 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE8DF8 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE2900 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE9FA8 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE9FB8 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE33E8 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE33F8 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE08A0 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE28F3 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE19A3 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE8DE9 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AEA1FB |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_02AE9178 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_05925C48 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_05920006 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_05925C39 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_05920070 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_05929B20 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_059252D8 |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Code function: 0_2_059252CB |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 3_2_05393850 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 3_2_05398F58 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 3_2_05398358 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 3_2_0539ABB8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 3_2_05392FA8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 3_2_053923A0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 3_2_0539901F |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 3_2_0539306F |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe | Binary or memory string: OriginalFilename vs ORDER PMX-PT-2001 STOCK+NOVO.exe |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.362888953.0000000005F20000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs ORDER PMX-PT-2001 STOCK+NOVO.exe |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.365523105.0000000006020000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs ORDER PMX-PT-2001 STOCK+NOVO.exe |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.365523105.0000000006020000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs ORDER PMX-PT-2001 STOCK+NOVO.exe |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.362224387.00000000057D0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameKedermister.dllT vs ORDER PMX-PT-2001 STOCK+NOVO.exe |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.360789536.0000000005380000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs ORDER PMX-PT-2001 STOCK+NOVO.exe |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.355858899.0000000000692000.00000002.00020000.sdmp | Binary or memory string: OriginalFilename2e6s.exeP vs ORDER PMX-PT-2001 STOCK+NOVO.exe |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe | Binary or memory string: OriginalFilename2e6s.exeP vs ORDER PMX-PT-2001 STOCK+NOVO.exe |
Source: 00000003.00000002.592799411.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000003.00000002.592799411.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000000.00000002.360073804.0000000003FDD000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.360073804.0000000003FDD000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000003.00000002.599041317.0000000005960000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000003.00000002.599041317.0000000005960000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000003.00000002.598672636.00000000054F0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000003.00000002.598672636.00000000054F0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000003.00000002.597422084.00000000041A7000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: ORDER PMX-PT-2001 STOCK+NOVO.exe PID: 7136, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: ORDER PMX-PT-2001 STOCK+NOVO.exe PID: 7136, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: MSBuild.exe PID: 4544, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: MSBuild.exe PID: 4544, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 3.2.MSBuild.exe.5960000.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 3.2.MSBuild.exe.5960000.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.MSBuild.exe.54f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 3.2.MSBuild.exe.54f0000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 3.2.MSBuild.exe.5960000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 3.2.MSBuild.exe.5960000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\ORDER PMX-PT-2001 STOCK+NOVO.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.357258593.0000000002F01000.00000004.00000001.sdmp | Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: MSBuild.exe, 00000003.00000002.599513915.0000000006220000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.357258593.0000000002F01000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.357258593.0000000002F01000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II|update users set password = @password where user_id = @user_id |
Source: MSBuild.exe, 00000003.00000002.593733078.0000000001308000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW^L |
Source: MSBuild.exe, 00000003.00000002.599513915.0000000006220000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: MSBuild.exe, 00000003.00000002.599513915.0000000006220000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: MSBuild.exe, 00000003.00000002.593733078.0000000001308000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: ORDER PMX-PT-2001 STOCK+NOVO.exe, 00000000.00000002.357258593.0000000002F01000.00000004.00000001.sdmp | Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: MSBuild.exe, 00000003.00000002.599513915.0000000006220000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |