Source: 1.2.Orderlist.exe.3850000.2.raw.unpack | Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "8a1be7ed-1b25-4346-8844-80b424a6", "Group": "Default", "Domain1": "sobe123.ddns.net", "Domain2": "127.0.0.1", "Port": 5656, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5024, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n 
</Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"} |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49714 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49715 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49719 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49720 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49723 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49724 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49725 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49731 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49744 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49745 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49746 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49747 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49748 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49751 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49752 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49753 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49754 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49755 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49756 -> 185.244.30.22:5656 |
Source: Traffic | Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.5:49757 -> 185.244.30.22:5656 |
Source: unknown | TCP traffic detected without corresponding DNS query: 131.253.33.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 67.26.139.254 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.203.69.124 |
Source: unknown | TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown | TCP traffic detected without corresponding DNS query: 23.211.5.146 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.131 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.136 |
Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699 |
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49675 |
Source: unknown | Network traffic detected: HTTP traffic on port 49695 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49694 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49694 |
Source: unknown | Network traffic detected: HTTP traffic on port 49696 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49679 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49691 |
Source: unknown | Network traffic detected: HTTP traffic on port 49691 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49690 |
Source: unknown | Network traffic detected: HTTP traffic on port 49686 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 49690 -> 443 |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49679 |
Source: 1.2.Orderlist.exe.3850000.2.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.Orderlist.exe.3850000.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1.2.Orderlist.exe.3850000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 1.2.Orderlist.exe.3850000.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000001.00000002.236917800.0000000003850000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000001.00000002.236917800.0000000003850000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: Orderlist.exe PID: 5836, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: Orderlist.exe PID: 5836, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 1.2.Orderlist.exe.3850000.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 1.2.Orderlist.exe.3850000.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.Orderlist.exe.3850000.2.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 1.2.Orderlist.exe.3850000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 1.2.Orderlist.exe.3850000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 1.2.Orderlist.exe.3850000.2.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000001.00000002.236917800.0000000003850000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000001.00000002.236917800.0000000003850000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 00000001.00000002.236917800.0000000003850000.00000040.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: Orderlist.exe PID: 5836, type: MEMORYSTR | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: Orderlist.exe PID: 5836, type: MEMORYSTR | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp |
Source: unknown | Process created: C:\Users\user\Desktop\Orderlist.exe 'C:\Users\user\Desktop\Orderlist.exe' |
Source: C:\Users\user\Desktop\Orderlist.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 'C:\Users\user\Desktop\Orderlist.exe' |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpD5BB.tmp' |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Orderlist.exe | Code function: 1_2_00401EBD SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Orderlist.exe | Code function: 1_2_00404401 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Orderlist.exe | Code function: 1_2_00401888 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\Orderlist.exe | Code function: 1_2_00401D2B IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: MSBuild.exe, 00000003.00000003.424610803.00000000066CB000.00000004.00000001.sdmp | Binary or memory string: Program Manager |
Source: MSBuild.exe, 00000003.00000003.395438111.00000000066CB000.00000004.00000001.sdmp | Binary or memory string: Program Manager |
Source: MSBuild.exe, 00000003.00000003.386145601.00000000066CB000.00000004.00000001.sdmp | Binary or memory string: Program ManagerILE=C:\ProgramDataAPPDATA=C:\Users\user\AppData\RoamingCommonProgramFiles=C:\Program Files (x86)\Common FilesCommonProgramFiles(x86)=C:\Program Files (x86)\Common FilesCommonProgramW6432=C:\Program Files\Common FilesCOMPUTERNAME=DESKT |
Source: MSBuild.exe, 00000003.00000003.411296004.00000000066CA000.00000004.00000001.sdmp | Binary or memory string: Program ManageruA_8 |
Source: MSBuild.exe, 00000003.00000003.386145601.00000000066CB000.00000004.00000001.sdmp | Binary or memory string: Program Manager3 |
Source: MSBuild.exe, 00000003.00000003.411296004.00000000066CA000.00000004.00000001.sdmp | Binary or memory string: Program Manager*! |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |