Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.200 |
Source: unknown | TCP traffic detected without corresponding DNS query: 185.140.53.8 |
Source: 2.2.MSBuild.exe.5cc0000.6.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 2.2.MSBuild.exe.40d7a70.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 2.2.MSBuild.exe.40d7a70.2.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 2.2.MSBuild.exe.5cc0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 2.2.MSBuild.exe.30812fc.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 2.2.MSBuild.exe.5a20000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 2.2.MSBuild.exe.40dc099.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 2.2.MSBuild.exe.5cc4629.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000002.00000002.479823366.0000000000402000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000002.00000002.479823366.0000000000402000.00000040.00020000.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000002.00000002.485007729.0000000005A20000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.223144000.0000000002720000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.223144000.0000000002720000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 00000002.00000002.485086472.0000000005CC0000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: P0 (2021)-2790 new order.exe PID: 6380, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: P0 (2021)-2790 new order.exe PID: 6380, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: MSBuild.exe PID: 6440, type: MEMORYSTR | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: MSBuild.exe PID: 6440, type: MEMORYSTR | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 2.2.MSBuild.exe.5cc0000.6.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.5cc0000.6.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 2.2.MSBuild.exe.40d7a70.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.40d7a70.2.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 2.2.MSBuild.exe.40d7a70.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.40d7a70.2.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 2.2.MSBuild.exe.5cc0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.5cc0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 2.2.MSBuild.exe.30812fc.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.30812fc.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.P0 (2021)-2790 new order.exe.2720000.1.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 2.2.MSBuild.exe.5a20000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.5a20000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 2.2.MSBuild.exe.40dc099.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.40dc099.3.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 2.2.MSBuild.exe.5cc4629.5.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 2.2.MSBuild.exe.5cc4629.5.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000002.00000002.479823366.0000000000402000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000002.00000002.479823366.0000000000402000.00000040.00020000.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000002.00000002.485007729.0000000005A20000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000002.00000002.485007729.0000000005A20000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.223144000.0000000002720000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.223144000.0000000002720000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.223144000.0000000002720000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 00000002.00000002.485086472.0000000005CC0000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000002.00000002.485086472.0000000005CC0000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: Process Memory Space: P0 (2021)-2790 new order.exe PID: 6380, type: MEMORYSTR | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: P0 (2021)-2790 new order.exe PID: 6380, type: MEMORYSTR | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: MSBuild.exe PID: 6440, type: MEMORYSTR | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: MSBuild.exe PID: 6440, type: MEMORYSTR | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A3340B |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A42C51 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A431C3 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A47134 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A3C11C |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A3D292 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A426E6 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A45AC9 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A43EDF |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A3CA28 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A45207 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A3C610 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A3B26B |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: 0_2_00A3CE5D |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_012D7ABE |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_02CDB2A8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_02CD2FA8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_02CD23A0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_02CD3850 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_02CD89D8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_02CD969F |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_02CD306F |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 2_2_02CD95D8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 10_2_05781DF8 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Code function: 10_2_05780708 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_00046D08 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_00046950 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_0004692F |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 12_2_047E0708 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 15_2_00F6692F |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 15_2_00F66950 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Code function: 15_2_00F66D08 |
Source: unknown | Process created: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe 'C:\Users\user\Desktop\P0 (2021)-2790 new order.exe' |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 'C:\Users\user\Desktop\P0 (2021)-2790 new order.exe' |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp7C69.tmp' |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp8052.tmp' |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 0 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll VolumeInformation |
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\P0 (2021)-2790 new order.exe | Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, |