Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49737 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49738 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49741 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49743 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49744 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49752 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49758 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49762 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49768 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49769 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49770 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49771 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49772 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49775 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49776 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49777 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49778 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49779 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49780 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49781 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49782 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49783 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49784 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49785 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49786 -> 91.193.75.155:5090 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49787 -> 91.193.75.155:5090 |
Source: unknown | TCP traffic detected without corresponding DNS query: 92.122.145.220 |
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49688 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49683 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49681 |
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717 |
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49697 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49696 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49695 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49694 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49693 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49692 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49691 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690 |
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49700 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49683 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706 |
Source: unknown | Network traffic detected: HTTP traffic on port 49681 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703 |
Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000003.00000002.1047272619.00000000064F0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 3.2.MSBuild.exe.64f0000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: 1_2_00A558CB |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: 1_2_00A65810 |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: 1_2_00A64ACF |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: 1_2_00A653DB |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: 1_2_00A65C45 |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: 1_2_00A64FC3 |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: 1_2_00A58F0B |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 3_2_0541E471 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 3_2_0541E480 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 3_2_0541BBD4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 3_2_06A70040 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 8_2_006C5CF9 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 8_2_006C18C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 8_2_006C2148 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 8_2_006C4A20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Code function: 8_2_006C2133 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_02E35858 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_02E34580 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_02E32148 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_02E31A40 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_02E32133 |
Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000001.00000002.656614146.0000000000AB0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000003.00000002.1047366764.0000000006580000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000003.00000002.1044661467.00000000040D9000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000003.00000002.1047272619.00000000064F0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000003.00000002.1047272619.00000000064F0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000003.00000002.1041355870.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: MSBuild.exe PID: 2204, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 3.2.MSBuild.exe.6580000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE.ab0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 3.2.MSBuild.exe.64f0000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 3.2.MSBuild.exe.64f0000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 3.2.MSBuild.exe.6580000.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: dhcpmon.exe.3.dr, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: dhcpmon.exe.3.dr, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: dhcpmon.exe.3.dr, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: dhcpmon.exe.3.dr, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean) |
Source: dhcpmon.exe.3.dr, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule) |
Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean) |
Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule) |
Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean) |
Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule) |
Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean) |
Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule) |
Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean) |
Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.cs | Security API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule) |
Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Internal/CommunicationsUtilities.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.dr | Binary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln |
Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.dr | Binary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release |
Source: dhcpmon.exe, dhcpmon.exe.3.dr | Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb |
Source: dhcpmon.exe, 0000000F.00000002.684375210.0000000002381000.00000004.00000001.sdmp | Binary or memory string: *.slnP#"l |
Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.dr | Binary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD |
Source: dhcpmon.exe, 0000000F.00000002.684375210.0000000002381000.00000004.00000001.sdmp | Binary or memory string: l)C:\Program Files (x86)\DHCP Monitor\*.sln |
Source: dhcpmon.exe, dhcpmon.exe.3.dr | Binary or memory string: *.sln |
Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.dr | Binary or memory string: MSBuild MyApp.csproj /t:Clean |
Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.dr | Binary or memory string: /ignoreprojectextensions:.sln |
Source: MSBuild.exe, 00000003.00000003.657703157.0000000001222000.00000004.00000001.sdmp, dhcpmon.exe, 0000000C.00000000.664261186.0000000000C72000.00000002.00020000.sdmp, dhcpmon.exe, 0000000F.00000002.683748941.0000000000012000.00000002.00020000.sdmp, dhcpmon.exe.3.dr | Binary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that. |
Source: unknown | Process created: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' |
Source: unknown | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp' |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp7609.tmp' |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 0 |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp' |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp7609.tmp' |
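The process-creation entries above record the whole chain in a few lines: a lure executable with a PDF-looking name on the Desktop starts MSBuild.exe with the lure's own path as its command line, that MSBuild.exe registers two scheduled tasks from XML files in %TEMP%, and a copy of the payload is later run from a "DHCP Monitor" directory under Program Files. The block below is an added detection example, not part of the sandbox report: it parses the report's own "Source: ... | Process created: ... |" lines (copied above as constructed sample input), turns them into parent/image/command-line events and applies rules for each link of that chain. The rule names, the regular expressions and the task-name-to-directory correlation heuristic are this example's own choices and are not something the sandbox emits.

```python
"""Detection pass over sandbox-style process-creation lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the process-creation lines from the report above.
SAMPLE_LINES = [
    r"Source: unknown | Process created: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' |",
    r"Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |",
    r"Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 'C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE' |",
    r"Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp731A.tmp' |",
    r"Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp7609.tmp' |",
    r"Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe 0 |",
    r"Source: unknown | Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 |",
]


@dataclass(frozen=True)
class ProcEvent:
    parent: str   # creating process image path, or "unknown"
    image: str    # created process image path
    cmdline: str  # command line as logged (may be empty)


# Image path runs up to the first ".exe"; everything after it is the command line.
LINE_RE = re.compile(
    r"^Source:\s*(?P<parent>.*?)\s*\|\s*Process created:\s*"
    r"(?P<image>.+?\.exe)\s*(?P<cmdline>.*?)\s*\|?\s*$",
    re.IGNORECASE,
)
# Document-looking token just before the real executable extension (the lure pattern).
DOC_LURE_RE = re.compile(r"[_\s-](pdf|docx?|xlsx?|jpe?g|png)[_\s-]*\.(exe|scr|com)$", re.I)
USER_PATH_RE = re.compile(r"\\Users\\", re.I)
BUILD_INPUT_RE = re.compile(r"\.(sln|csproj|vbproj|proj|targets)\b", re.I)
TEMP_XML_RE = re.compile(r"""/xml\s+["']?[^"']*\\AppData\\Local\\Temp\\[^"']+""", re.I)
TASK_NAME_RE = re.compile(r"""/tn\s+(?:"([^"]*)"|'([^']*)'|(\S+))""", re.I)


def parse_event(line: str) -> Optional[ProcEvent]:
    m = LINE_RE.match(line.strip())
    return ProcEvent(m["parent"], m["image"], m["cmdline"]) if m else None


def basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0] if "\\" in path else ""


def analyze(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (rule, created image name, detail) findings in trace order."""
    findings = []
    created_tasks: List[str] = []  # task names seen so far, for the correlation rule
    for ev in filter(None, map(parse_event, lines)):
        name = basename(ev.image).lower()
        # Rule 1: executable whose file name ends in a document-looking token.
        if DOC_LURE_RE.search(basename(ev.image)):
            findings.append(("double_extension_lure", name, basename(ev.image)))
        # Rule 2: MSBuild.exe tied to a user-profile binary instead of a project file
        # (parent lives under \Users\ or the command line points there).
        if name == "msbuild.exe" and not BUILD_INPUT_RE.search(ev.cmdline):
            if USER_PATH_RE.search(ev.parent) or USER_PATH_RE.search(ev.cmdline):
                findings.append(("msbuild_injection_host", name, ev.parent))
        # Rule 3: schtasks /create importing its definition from %TEMP%, and
        # schtasks spawned by MSBuild.exe at all.
        if name == "schtasks.exe" and "/create" in ev.cmdline.lower():
            m = TASK_NAME_RE.search(ev.cmdline)
            task = next((g for g in (m.groups() if m else ()) if g), "")
            if task:
                created_tasks.append(task)
            if TEMP_XML_RE.search(ev.cmdline):
                findings.append(("schtasks_xml_from_temp", name, task))
            if basename(ev.parent).lower() == "msbuild.exe":
                findings.append(("schtasks_spawned_by_msbuild", name, task))
        # Rule 4 (heuristic): a binary run from a directory named after a task
        # created earlier in the same trace.
        for task in created_tasks:
            if task.lower() in dirname(ev.image).lower():
                findings.append(("exec_from_task_named_dir", name, task))
                break
    return findings


if __name__ == "__main__":
    for rule, image, detail in analyze(SAMPLE_LINES):
        print(f"{rule:28} {image:14} {detail}")
```

Rule 2 deliberately stays quiet on the second MSBuild.exe launch (parent unknown, command line just "0"), because a bare MSBuild.exe invocation is not suspicious by itself; in a real pipeline that event would be caught by its parent link or by the network alerts rather than by command-line shape alone.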
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Process information set: NOOPENFILEERRORBOX |
Source: dhcpmon.exe.3.dr, Microsoft.Build/Shared/NativeMethodsShared.cs | Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll') |
Source: 3.2.MSBuild.exe.400000.0.unpack, u0023u003dqjryTBW16mUfo_ItH9KWoGQu003du003d.cs | Reference to suspicious API methods: ('#=qxG$Aklpbf6gyBfAqTMmORA==', 'OpenProcess@kernel32.dll'), ('#=qh7diH14jww3Fm9rMJ_jIfQ==', 'FindResourceEx@kernel32.dll') |
Source: 12.0.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Shared/NativeMethodsShared.cs | Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll') |
Source: 12.2.dhcpmon.exe.c70000.0.unpack, Microsoft.Build/Shared/NativeMethodsShared.cs | Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll') |
Source: 15.0.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Shared/NativeMethodsShared.cs | Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll') |
Source: 15.2.dhcpmon.exe.10000.0.unpack, Microsoft.Build/Shared/NativeMethodsShared.cs | Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll') |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: GetLocaleInfoEx,__wcsnicmp,_TestDefaultCountry,_TestDefaultCountry, |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: EnumSystemLocalesEx, |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: GetLocaleInfoEx, |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
Source: C:\Users\user\Desktop\TNT SHIPMENT AWB_IMAGE CI_FROM TNT AWB# 167095453_PDF_________.EXE | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformation |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Queries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformation |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Queries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.dll VolumeInformation |