Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: CasPol.exe, 00000003.00000003.52802373816.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52760926233.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52699253340.00000000013B9000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52672748302.00000000013B9000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb?R source: CasPol.exe, 00000003.00000003.52801945154.0000000001367000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52760506590.0000000001367000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52698861975.0000000001367000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52672351149.0000000001367000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Builds\219\N2\HO_NMDllHost_g_2016_r_0\Sources\NMDllHost_2016\src\NMDllHost\NMDllHost\x86\Release\NMDllHost.pdb source: NMDllHost.exe.1.dr |
Source: |
Binary string: F:\APPS8.0.0.85\sw\src\apps\acapi\acapi___Win32_Release_Unicode\athcfg20U.pdb source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52899228955.000000000040A000.00000004.00000001.01000000.00000003.sdmp, athcfg20U.dll.1.dr |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb source: CasPol.exe, 00000003.00000003.52801945154.0000000001367000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52760506590.0000000001367000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52698861975.0000000001367000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52672351149.0000000001367000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Net.Http.pdb source: System.Net.Http.dll.1.dr |
Source: |
Binary string: F:\APPS8.0.0.85\sw\src\apps\acapi\acapi___Win32_Release_Unicode\athcfg20U.pdbeSuppTypeVendorACAPI.initGlobalResources failed: %s source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52899228955.000000000040A000.00000004.00000001.01000000.00000003.sdmp |
Source: |
Binary string: d:\Projects\AirVPN\Repo\eddie-air\src\Lib.Platform.Windows.Native\bin\x64\Release\Lib.Platform.Windows.Native.pdb source: Lib.Platform.Windows.Native.dll.1.dr |
Source: Traffic |
Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.11.20:49761 -> 23.105.131.186:6040 |
Source: Traffic |
Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.11.20:49761 -> 23.105.131.186:6040 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52900388286.0000000000676000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Extract: vmmemctl.inf... 100%k |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Remote Desktop Virtualization Service |
Source: vmmemctl.inf.1.dr |
Binary or memory string: loc.Disk1 = "VMMemCtl Source Media" |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Volume Shadow Copy Requestor |
Source: vmmemctl.inf.1.dr |
Binary or memory string: [VMMemCtl.DriverFiles] |
Source: vmmemctl.inf.1.dr |
Binary or memory string: DriverPackageDisplayName = %loc.VMMemCtlServiceDisplayName% |
Source: vmmemctl.inf.1.dr |
Binary or memory string: loc.VMMemCtlServiceDisplayName = "Memory Control Driver" |
Source: vmmemctl.inf.1.dr |
Binary or memory string: DelService = %VMMemCtlServiceName%,0x204 |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Time Synchronization Service |
Source: vmmemctl.inf.1.dr |
Binary or memory string: CatalogFile = vmmemctl.cat |
Source: CasPol.exe, 00000003.00000003.52801779606.000000000134D000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52698691300.000000000134D000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52672166075.000000000134D000.00000004.00000020.00020000.00000000.sdmp, CasPol.exe, 00000003.00000003.52760335613.000000000134D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: vmmemctl.inf.1.dr |
Binary or memory string: [VMMemCtl.Service] |
Source: vmmemctl.inf.1.dr |
Binary or memory string: vmmemctl.sys |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52900478180.00000000006B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901444551.0000000002C11000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: vmmemctl.inf.1.dr |
Binary or memory string: [VMMemCtl.AddRegistry] |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Heartbeat Service |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901444551.0000000002C11000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ntdlluser32kernel32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\Microsoft.NET\Framework\v2.0.50727\caspol.exewindir=\syswow64\iertutil.dll |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52900478180.00000000006B2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe |
Source: vmmemctl.inf.1.dr |
Binary or memory string: VMwareProvider = "VMware, Inc." |
Source: vmmemctl.inf.1.dr |
Binary or memory string: ServiceBinary = %12%\vmmemctl.sys ;%windir%\system32\drivers\vmmemctl.sys |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Guest Shutdown Service |
Source: vmmemctl.inf.1.dr |
Binary or memory string: DisplayName = %loc.VMMemCtlServiceDisplayName% |
Source: vmmemctl.inf.1.dr |
Binary or memory string: DelFiles = VMMemCtl.DriverFiles |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicshutdown |
Source: vmmemctl.inf.1.dr |
Binary or memory string: CopyFiles = VMMemCtl.DriverFiles |
Source: vmmemctl.inf.1.dr |
Binary or memory string: AddReg = VMMemCtl.AddRegistry |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V PowerShell Direct Service |
Source: vmmemctl.inf.1.dr |
Binary or memory string: DelReg = VMMemCtl.DelRegistry |
Source: vmmemctl.inf.1.dr |
Binary or memory string: VMMemCtlServiceName = "VMMemCtl" |
Source: vmmemctl.inf.1.dr |
Binary or memory string: vmmemctl.sys = 1 |
Source: vmmemctl.inf.1.dr |
Binary or memory string: OptionDesc = %loc.VMMemCtlServiceDesc% |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicvss |
Source: vmmemctl.inf.1.dr |
Binary or memory string: loc.VMMemCtlServiceDesc = "Driver to provide enhanced memory management of this virtual machine." |
Source: vmmemctl.inf.1.dr |
Binary or memory string: ; Copyright (c) 1999-2019 VMware, Inc. All rights reserved. |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Data Exchange Service |
Source: vmmemctl.inf.1.dr |
Binary or memory string: [VMMemCtl.DelRegistry] |
Source: vmmemctl.inf.1.dr |
Binary or memory string: AddService = %VMMemCtlServiceName%,0x800,VMMemCtl.Service ; SPSVCINST_STARTSERVICE |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52900014831.0000000000638000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \Nonarguable.JAPGooCanvas-3.0.typelibfarme.Fej5Lib.Platform.Windows.Native.dllNMDllHost.exeSourceCodePro-Medium.otfSystem.Net.Http.dllathcfg20U.dllaudio-volume-high.pngbattery-level-10-symbolic.symbolic.pngedit-clear-rtl.pngnetwork-wireless-hotspot-symbolic.symbolic.pngvmmemctl.inf |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Hyper-V Guest Service Interface |
Source: vmmemctl.inf.1.dr |
Binary or memory string: ; vmmemctl.inf |
Source: vmmemctl.inf.1.dr |
Binary or memory string: Description = %loc.VMMemCtlServiceDesc% |
Source: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, 00000001.00000002.52901815574.00000000046E9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmicheartbeat |
Source: vmmemctl.inf.1.dr |
Binary or memory string: Provider = %VMwareProvider% |