Source: unknown |
TCP traffic detected without corresponding DNS query: 23.105.131.171 |
Source: 00000007.00000002.523106408.00000000058E0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.267284448.00000000039D9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.267284448.00000000039D9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000007.00000002.522969256.0000000005830000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000007.00000002.521801480.0000000003EE9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000007.00000002.516107579.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000007.00000002.516107579.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: TT COPY pdf.exe PID: 6240, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: TT COPY pdf.exe PID: 6240, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.TT COPY pdf.exe.3a79c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.TT COPY pdf.exe.3a79c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.TT COPY pdf.exe.3eeff1c.5.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.TT COPY pdf.exe.3eeff1c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.TT COPY pdf.exe.3ef4545.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.TT COPY pdf.exe.58e4629.11.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.TT COPY pdf.exe.3eeb0e6.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.TT COPY pdf.exe.3eeb0e6.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.TT COPY pdf.exe.5830000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.TT COPY pdf.exe.58e0000.10.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.TT COPY pdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.TT COPY pdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 7.2.TT COPY pdf.exe.58e0000.10.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 7.2.TT COPY pdf.exe.2ed30a4.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: TT COPY pdf.exe |
Binary or memory string: OriginalFilename vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000000.00000002.271275533.000000000BD50000.00000002.00000001.sdmp |
Binary or memory string: System.OriginalFileName vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameSimpleUI.dll( vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000000.00000002.271449833.000000000BE50000.00000002.00000001.sdmp |
Binary or memory string: originalfilename vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000000.00000002.271449833.000000000BE50000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000000.00000002.270925129.0000000005B80000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDSASignature.dll@ vs TT COPY pdf.exe |
Source: TT COPY pdf.exe |
Binary or memory string: OriginalFilename vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000007.00000002.523581187.00000000067A0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000007.00000002.518288271.0000000002EA1000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameClientPlugin.dll4 vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000007.00000002.521801480.0000000003EE9000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameLzma#.dll4 vs TT COPY pdf.exe |
Source: TT COPY pdf.exe, 00000007.00000002.521801480.0000000003EE9000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs TT COPY pdf.exe |
Source: TT COPY pdf.exe |
Binary or memory string: OriginalFilenameEventTags.exe< vs TT COPY pdf.exe |
Source: 00000007.00000002.523106408.00000000058E0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000007.00000002.523106408.00000000058E0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000000.00000002.267284448.00000000039D9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.267284448.00000000039D9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000007.00000002.522969256.0000000005830000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000007.00000002.522969256.0000000005830000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000007.00000002.521801480.0000000003EE9000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000007.00000002.516107579.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000007.00000002.516107579.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: TT COPY pdf.exe PID: 6240, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: TT COPY pdf.exe PID: 6240, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.TT COPY pdf.exe.3a79c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.TT COPY pdf.exe.3a79c68.2.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.TT COPY pdf.exe.3eeff1c.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.3eeff1c.5.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.TT COPY pdf.exe.3eeff1c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.3eeff1c.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 7.2.TT COPY pdf.exe.3ef4545.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.3ef4545.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 7.2.TT COPY pdf.exe.58e4629.11.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.58e4629.11.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 7.2.TT COPY pdf.exe.3eeb0e6.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.3eeb0e6.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 7.2.TT COPY pdf.exe.3eeb0e6.3.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.TT COPY pdf.exe.5830000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.5830000.7.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 7.2.TT COPY pdf.exe.58e0000.10.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.58e0000.10.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 7.2.TT COPY pdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 7.2.TT COPY pdf.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.TT COPY pdf.exe.3bc1518.3.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 7.2.TT COPY pdf.exe.58e0000.10.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 7.2.TT COPY pdf.exe.58e0000.10.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 7.2.TT COPY pdf.exe.2ed30a4.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\TT COPY pdf.exe |
Process information set: NOOPENFILEERRORBOX |
Source: TT COPY pdf.exe, 00000007.00000002.523581187.00000000067A0000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: TT COPY pdf.exe, 00000007.00000002.523581187.00000000067A0000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: TT COPY pdf.exe, 00000007.00000002.523581187.00000000067A0000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: TT COPY pdf.exe, 00000000.00000002.266683810.00000000029D1000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: TT COPY pdf.exe, 00000007.00000002.517304669.0000000000E6E000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: TT COPY pdf.exe, 00000007.00000002.523581187.00000000067A0000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |