Windows Analysis Report
Shaheed CV.exe

AV Detection

Source: Shaheed CV.exe

Avira: detected

Source: xp230522.ddns.net

Virustotal: Detection: 12%

Perma Link

Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Avira: detection malicious, Label: HEUR/AGEN.1250538

Source: Yara match	File source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.404062131.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 3888, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 3192, type: MEMORYSTR

Source: Shaheed CV.exe

Joe Sandbox ML: detected

Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Joe Sandbox ML: detected

Source: 1.0.Shaheed CV.exe.400000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 1.2.Shaheed CV.exe.5550000.21.unpack	Avira: Label: TR/NanoCore.fadte

Source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "99bdd317-26d2-4098-abcb-4bff156f", "Group": "Default", "Domain1": "xp230522.ddns.net", "Domain2": "xp230522.ddns.net", "Port": 1996, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n <RegistrationInfo />\r\n <Triggers />\r\n <Principals>\r\n <Principal id=\"Author\">\r\n <LogonType>InteractiveToken</LogonType>\r\n <RunLevel>HighestAvailable</RunLevel>\r\n </Principal>\r\n </Principals>\r\n <Settings>\r\n <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n <AllowHardTerminate>true</AllowHardTerminate>\r\n <StartWhenAvailable>false</StartWhenAvailable>\r\n <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n <IdleSettings>\r\n <StopOnIdleEnd>false</StopOnIdleEnd>\r\n <RestartOnIdle>false</RestartOnIdle>\r\n </IdleSettings>\r\n <AllowStartOnDemand>true</AllowStartOnDemand>\r\n <Enabled>true</Enabled>\r\n <Hidden>false</Hidden>\r\n <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n <WakeToRun>false</WakeToRun>\r\n <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n <Priority>4</Priority>\r\n </Settings>\r\n <Actions Context=\"Author\">\r\n <Exec>\r\n <Command>\"#EXECUTABLEPATH\"</Command>\r\n <Arguments>$(Arg0)</Arguments>\r\n </Exec>\r\n </Actions>\r\n</Task"}

Compliance

Source: Shaheed CV.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Shaheed CV.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp

Networking

Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49708 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49709 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 171.22.30.56:1996 -> 192.168.2.6:49709
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49710 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 171.22.30.56:1996 -> 192.168.2.6:49710
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49711 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49712 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.6:49712 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49713 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49714 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49715 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49716 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49717 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49718 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.6:49719 -> 171.22.30.56:1996
Source: Traffic	Snort IDS: 2841753 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) 171.22.30.56:1996 -> 192.168.2.6:49720

Source: Malware configuration extractor

URLs: xp230522.ddns.net

Source: unknown

DNS query: name: xp230522.ddns.net

Source: Joe Sandbox View

ASN Name: CMCSUS CMCSUS

Source: global traffic

TCP traffic: 192.168.2.6:49708 -> 171.22.30.56:1996

Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246140536.0000000005BE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Shaheed CV.exe, 00000000.00000003.246864672.0000000005BDF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.247106372.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246856571.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246787210.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: Shaheed CV.exe, 00000000.00000003.247106372.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246856571.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com8
Source: Shaheed CV.exe, 00000000.00000003.247106372.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246856571.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comTC
Source: Shaheed CV.exe, 00000000.00000003.247106372.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246856571.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comatt
Source: Shaheed CV.exe, 00000000.00000003.247106372.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246856571.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comionq
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Shaheed CV.exe, 00000000.00000003.246787210.0000000005BD9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.comt
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Shaheed CV.exe, 00000000.00000003.263486813.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comce
Source: Shaheed CV.exe, 00000000.00000003.263486813.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comgrita
Source: Shaheed CV.exe, 00000000.00000003.263486813.0000000005BD0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comm3
Source: Shaheed CV.exe, 00000000.00000003.242986910.0000000005BF3000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Shaheed CV.exe, 00000000.00000003.249427675.0000000005BF0000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Shaheed CV.exe, 00000000.00000003.248783937.0000000005BE7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.monotype.
Source: Shaheed CV.exe, 00000000.00000003.245029512.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.245241266.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246415982.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.243346345.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.243198416.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.246155308.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.242673254.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.245415325.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.244376932.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.244305278.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.247562154.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.243411948.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.245719163.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.245160199.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.245492602.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.242939851.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.241882169.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.244760078.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.245671794.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.247710170.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.247216864.0000000005BEB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Shaheed CV.exe, 00000000.00000003.248315965.0000000005BF2000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Shaheed CV.exe, 00000000.00000003.247267273.0000000005BF1000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.247349700.0000000005BF3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.comlic
Source: Shaheed CV.exe, 00000000.00000003.243437245.0000000005BF3000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.243362658.0000000005BF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.net
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Shaheed CV.exe, 00000000.00000003.243437245.0000000005BF3000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.243362658.0000000005BF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netnl4
Source: Shaheed CV.exe, 00000000.00000003.243437245.0000000005BF3000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000000.00000003.243362658.0000000005BF2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netz1
Source: Shaheed CV.exe, 00000000.00000003.249141608.0000000005BF3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.de
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Shaheed CV.exe, 00000000.00000002.283946896.0000000006DE2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn

Source: unknown

DNS traffic detected: queries for: xp230522.ddns.net

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: Shaheed CV.exe, 00000000.00000002.264013577.0000000000A49000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud

Source: Yara match	File source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.404062131.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 3888, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 3192, type: MEMORYSTR

System Summary

Source: 1.2.Shaheed CV.exe.70e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70c0000.29.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70c0000.29.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70c0000.29.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.7160000.37.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.7160000.37.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.7160000.37.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.3d4e5cf.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.3d4e5cf.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.3d4e5cf.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.47fc61c.12.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.47fc61c.12.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.47fc61c.12.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70e0000.31.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70e0000.31.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70e0000.31.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.6670000.24.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.6670000.24.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.6670000.24.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70d0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70d0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70d0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.7120000.34.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.7120000.34.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.7120000.34.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 19.2.dhcpmon.exe.329965c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 19.2.dhcpmon.exe.329965c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 19.2.dhcpmon.exe.329965c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.6f10000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.6f10000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.6f10000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.7090000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.7090000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.7090000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.6670000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.6670000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.6670000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.712e8a4.35.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.712e8a4.35.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.712e8a4.35.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.48b9696.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.48b9696.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.48b9696.16.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70a0000.27.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70a0000.27.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70a0000.27.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70f0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70f0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70f0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.5540000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.5540000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.5540000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.48b0867.15.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.48b0867.15.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.48b0867.15.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.7124c9f.36.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.7124c9f.36.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.7124c9f.36.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70a0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70a0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70a0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.46e5c69.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.46e5c69.10.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.46e5c69.10.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.3d49930.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.3d49930.3.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.3d49930.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.48c7ac6.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.48c7ac6.14.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.48c7ac6.14.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.46f1e9d.8.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.46f1e9d.8.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.46f1e9d.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 18.2.Shaheed CV.exe.301958c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 18.2.Shaheed CV.exe.301958c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 18.2.Shaheed CV.exe.301958c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.6f10000.25.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.6f10000.25.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.6f10000.25.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70f0000.32.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70f0000.32.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70f0000.32.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 18.2.Shaheed CV.exe.3ffb7ae.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 18.2.Shaheed CV.exe.3ffb7ae.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 18.2.Shaheed CV.exe.3ffb7ae.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.7110000.33.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.7110000.33.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.7110000.33.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70c0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70c0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70c0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 18.2.Shaheed CV.exe.40005e4.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 18.2.Shaheed CV.exe.40005e4.2.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 18.2.Shaheed CV.exe.40005e4.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.48c7ac6.14.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.48c7ac6.14.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.48c7ac6.14.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.7160000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.7160000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.7160000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.7110000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.7110000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.7110000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.70d0000.30.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.70d0000.30.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.70d0000.30.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.3d581d4.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.3d581d4.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.3d581d4.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.7120000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.7120000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.7120000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.48b9696.16.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.48b9696.16.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.48b9696.16.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.3d49930.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.2d9f364.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.2d9f364.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.2d9f364.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.3d49930.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.3d49930.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NanoCore Author: ditekSHen
Source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000012.00000002.403654416.000000000400E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000012.00000002.403274871.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.524873341.0000000003D41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.535928290.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.535928290.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.535928290.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.541719793.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.541719793.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.541719793.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000012.00000002.404062131.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.541145410.0000000007110000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.541145410.0000000007110000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.541145410.0000000007110000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000003.291412562.0000000006698000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Detects NanoCore Author: ditekSHen
Source: 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: Process Memory Space: Shaheed CV.exe PID: 3888, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: Shaheed CV.exe PID: 3888, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
Source: Process Memory Space: dhcpmon.exe PID: 3192, type: MEMORYSTR	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: dhcpmon.exe PID: 3192, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown

Source: Shaheed CV.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 1.2.Shaheed CV.exe.70e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70e0000.31.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70c0000.29.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70c0000.29.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70c0000.29.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70c0000.29.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.7160000.37.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7160000.37.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7160000.37.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.7160000.37.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.3d4e5cf.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.3d4e5cf.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.3d4e5cf.5.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.3d4e5cf.5.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.47fc61c.12.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47fc61c.12.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47fc61c.12.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.47fc61c.12.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70e0000.31.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70e0000.31.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70e0000.31.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70e0000.31.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.6670000.24.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.6670000.24.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.6670000.24.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.6670000.24.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70d0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70d0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70d0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70d0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.7120000.34.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7120000.34.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7120000.34.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.7120000.34.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 19.2.dhcpmon.exe.329965c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 19.2.dhcpmon.exe.329965c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 19.2.dhcpmon.exe.329965c.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 19.2.dhcpmon.exe.329965c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.6f10000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.6f10000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.6f10000.25.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.6f10000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.7090000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7090000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7090000.26.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.7090000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.6670000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.6670000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.6670000.24.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.6670000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.712e8a4.35.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.712e8a4.35.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.712e8a4.35.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.712e8a4.35.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.48b9696.16.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48b9696.16.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48b9696.16.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.48b9696.16.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70a0000.27.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70a0000.27.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70a0000.27.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70a0000.27.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.48b0867.15.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70f0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70f0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70f0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70f0000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.5540000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.5540000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.5540000.20.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.5540000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.48b0867.15.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48b0867.15.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48b0867.15.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.48b0867.15.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.47fc61c.12.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.7124c9f.36.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7124c9f.36.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7124c9f.36.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.7124c9f.36.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70a0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70a0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70a0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70a0000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.46e5c69.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.46e5c69.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.46e5c69.10.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.46e5c69.10.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.3d49930.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.3d49930.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.3d49930.3.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.3d49930.3.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.48c7ac6.14.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48c7ac6.14.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48c7ac6.14.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.48c7ac6.14.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.46f1e9d.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.46f1e9d.8.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.46f1e9d.8.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.46f1e9d.8.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 18.2.Shaheed CV.exe.301958c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.2.Shaheed CV.exe.301958c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.2.Shaheed CV.exe.301958c.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 18.2.Shaheed CV.exe.301958c.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.6f10000.25.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.6f10000.25.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.6f10000.25.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.6f10000.25.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70f0000.32.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70f0000.32.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70f0000.32.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70f0000.32.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 18.2.Shaheed CV.exe.3ffb7ae.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.2.Shaheed CV.exe.3ffb7ae.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.2.Shaheed CV.exe.3ffb7ae.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 18.2.Shaheed CV.exe.3ffb7ae.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.7110000.33.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7110000.33.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7110000.33.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.7110000.33.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70c0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70c0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70c0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70c0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 18.2.Shaheed CV.exe.40005e4.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.2.Shaheed CV.exe.40005e4.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 18.2.Shaheed CV.exe.40005e4.2.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 18.2.Shaheed CV.exe.40005e4.2.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.48c7ac6.14.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48c7ac6.14.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48c7ac6.14.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.48c7ac6.14.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.7160000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7160000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7160000.37.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.7160000.37.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.7110000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7110000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7110000.33.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.7110000.33.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.70d0000.30.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70d0000.30.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.70d0000.30.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.70d0000.30.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.3d581d4.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.3d581d4.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.3d581d4.4.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.3d581d4.4.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.7120000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7120000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.7120000.34.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.7120000.34.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.48b9696.16.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48b9696.16.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.48b9696.16.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.48b9696.16.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.2dc5a5c.2.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.2dd1ca4.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.3d49930.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.3d49930.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.2d9f364.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.2d9f364.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.2d9f364.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.3d49930.3.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.3d49930.3.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000012.00000002.403654416.000000000400E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000012.00000002.403274871.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.524873341.0000000003D41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.535928290.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.535928290.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.535928290.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.535928290.0000000005540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.541719793.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.541719793.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.541719793.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.541719793.0000000007160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000012.00000002.404062131.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.541145410.0000000007110000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.541145410.0000000007110000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.541145410.0000000007110000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.541145410.0000000007110000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000003.291412562.0000000006698000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
Source: 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR	Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, score = file, reference = Internal Research
Source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
Source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: Process Memory Space: Shaheed CV.exe PID: 5432, type: MEMORYSTR	Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, score = file, reference = Internal Research
Source: Process Memory Space: dhcpmon.exe PID: 5336, type: MEMORYSTR	Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, score = file, reference = Internal Research
Source: Process Memory Space: dhcpmon.exe PID: 4884, type: MEMORYSTR	Matched rule: SUSP_Reversed_Base64_Encoded_EXE date = 2020-04-06, hash1 = 7e6d9a5d3b26fd1af7d58be68f524c4c55285b78304a65ec43073b139c9407a8, author = Florian Roth, description = Detects an base64 encoded executable with reversed characters, score = file, reference = Internal Research
Source: Process Memory Space: Shaheed CV.exe PID: 3888, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: Shaheed CV.exe PID: 3888, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
Source: Process Memory Space: dhcpmon.exe PID: 3192, type: MEMORYSTR	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: dhcpmon.exe PID: 3192, type: MEMORYSTR	Matched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 0_2_025D4620		0_2_025D4620
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 0_2_025D43D8		0_2_025D43D8
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 0_2_025D4610		0_2_025D4610
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 0_2_025DCB9C		0_2_025DCB9C
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 0_2_025DF440		0_2_025DF440
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 0_2_025DF430		0_2_025DF430
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 0_2_05AAF520		0_2_05AAF520
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_066702B0		1_2_066702B0
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_02BEE480		1_2_02BEE480
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_02BEBBD4		1_2_02BEBBD4
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_0755C628		1_2_0755C628
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_0755BD58		1_2_0755BD58
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_07552590		1_2_07552590
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_07551CB0		1_2_07551CB0
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_07554B18		1_2_07554B18
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_07553958		1_2_07553958
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_07551098		1_2_07551098
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_07551FF0		1_2_07551FF0
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_07551D6E		1_2_07551D6E
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_07554BD6		1_2_07554BD6
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_0755BA10		1_2_0755BA10

Source: Shaheed CV.exe, 00000000.00000002.283678911.0000000006D90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameQuestKingdom.dllH vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000000.00000002.290212833.0000000007720000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000000.00000002.264013577.0000000000A49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000000.00000002.268171209.000000000276B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000000.00000000.235947155.00000000002D2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameYlyaWRA.exe: vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQuestKingdom.dllH vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMajorRevision.exe< vs Shaheed CV.exe
Source: Shaheed CV.exe	Binary or memory string: OriginalFilename vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCoreClientPlugin.dll8 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameManagementClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreBase.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPluginNew.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFileBrowserClient.dllT vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll@ vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNAudio.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPluginNew.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCoreClientPlugin.dll8 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameManagementClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreBase.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFileBrowserClient.dllT vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll@ vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCoreClientPlugin.dll8 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameManagementClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreBase.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFileBrowserClient.dllT vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll@ vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNAudio.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNAudio.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll@ vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNAudio.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.524873341.0000000003D41000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.524873341.0000000003D41000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNAudio.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.524873341.0000000003D41000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.541224831.0000000007118000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameManagementClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCoreClientPlugin.dll8 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll@ vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.541841831.000000000716E000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.541549078.0000000007148000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.525245666.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreBase.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000003.291412562.0000000006698000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.537586498.0000000006510000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameFileBrowserClient.dllT vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCoreClientPlugin.dll8 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameManagementClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreBase.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPluginNew.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameFileBrowserClient.dllT vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMyClientPlugin.dll@ vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000007.00000002.344687334.00000000016E9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000007.00000002.363822663.00000000045AA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameQuestKingdom.dllH vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000012.00000002.403274871.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000012.00000002.404008541.0000000004020000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameLzma#.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe, 00000012.00000002.403901950.0000000004018000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs Shaheed CV.exe
Source: Shaheed CV.exe	Binary or memory string: OriginalFilenameYlyaWRA.exe: vs Shaheed CV.exe

Source: C:\Users\user\Desktop\Shaheed CV.exe

File read: C:\Users\user\Desktop\Shaheed CV.exe

Jump to behavior

Source: Shaheed CV.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Shaheed CV.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Shaheed CV.exe "C:\Users\user\Desktop\Shaheed CV.exe"
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Users\user\Desktop\Shaheed CV.exe {path}
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp622.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmpA49.tmp
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\Shaheed CV.exe "C:\Users\user\Desktop\Shaheed CV.exe" 0
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" 0
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe"
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Users\user\Desktop\Shaheed CV.exe {path}
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Users\user\Desktop\Shaheed CV.exe {path}			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp622.tmp			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmpA49.tmp			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Users\user\Desktop\Shaheed CV.exe {path}			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}			Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Shaheed CV.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe

File created: C:\Users\user\AppData\Local\Temp\tmp622.tmp

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winEXE@20/12@13/2

Source: Shaheed CV.exe	Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Shaheed CV.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4872:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1788:120:WilError_01
Source: C:\Users\user\Desktop\Shaheed CV.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{99bdd317-26d2-4098-abcb-4bff156f262b}

Source: C:\Users\user\Desktop\Shaheed CV.exe

File created: C:\Program Files (x86)\DHCP Monitor

Jump to behavior

Source: 1.0.Shaheed CV.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 1.0.Shaheed CV.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 1.0.Shaheed CV.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Shaheed CV.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Shaheed CV.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Shaheed CV.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: 1.0.Shaheed CV.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 1.0.Shaheed CV.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_0755EFD0 push eax; ret		1_2_0755EFD1
Source: C:\Users\user\Desktop\Shaheed CV.exe	Code function: 1_2_0755F06A pushfd ; ret		1_2_0755F071

Source: initial sample	Static PE information: section name: .text entropy: 7.048102143625597
Source: initial sample	Static PE information: section name: .text entropy: 7.048102143625597

Source: 1.0.Shaheed CV.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs

High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='

Source: 1.0.Shaheed CV.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs

High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe

File created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Jump to dropped file

Boot Survival

Source: C:\Users\user\Desktop\Shaheed CV.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp622.tmp

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\Shaheed CV.exe

File opened: C:\Users\user\Desktop\Shaheed CV.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Yara match	File source: 00000009.00000002.363499136.0000000002A7B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.268171209.000000000276B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 5336, type: MEMORYSTR

Source: Shaheed CV.exe, 00000000.00000002.268171209.000000000276B000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000007.00000002.361327545.00000000033AB000.00000004.00000800.00020000.00000000.sdmp, dhcpmon.exe, 00000009.00000002.363499136.0000000002A7B000.00000004.00000800.00020000.00000000.sdmp, dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: WINE_GET_UNIX_FILE_NAME

Source: Shaheed CV.exe, 00000000.00000002.268171209.000000000276B000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000007.00000002.361327545.00000000033AB000.00000004.00000800.00020000.00000000.sdmp, dhcpmon.exe, 00000009.00000002.363499136.0000000002A7B000.00000004.00000800.00020000.00000000.sdmp, dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -6456360425798339s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -240000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -239859s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -239702s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -239592s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -239483s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -239374s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -239263s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -239134s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -239000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -238839s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -238703s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -238588s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -238476s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -238348s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -238199s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -238060s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -237931s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -237827s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -237703s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -237593s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -237480s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -237343s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -237203s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -237085s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236969s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236859s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236734s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236609s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236484s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236372s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236230s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236109s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -236000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -235890s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -235781s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -235665s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -235560s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -235451s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -235327s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -235218s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -235109s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -234984s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -234857s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -234749s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -234640s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -234503s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -234344s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -234203s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -234092s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -233968s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1100	Thread sleep time: -233827s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 3084	Thread sleep time: -7378697629483816s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -1844674407370954s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -240000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -239657s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -239344s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -239141s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -239000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -238871s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -238750s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -238453s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -238342s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -238000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -237889s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -237761s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -237635s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -237515s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -237402s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -237249s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -237122s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -236935s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -236780s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -236669s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -236539s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -236297s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -236142s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -236000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -235844s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -235719s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -235584s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -235391s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -235250s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -235094s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -234981s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -234859s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -234750s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -234620s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -234494s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -234368s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -233594s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -233413s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -232706s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -232500s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -232297s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -232166s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -230750s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -230594s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -230341s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -230203s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -230062s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -229950s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -229840s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -229704s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -229500s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -229364s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -229157s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -229008s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -228890s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -228704s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -228574s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -228469s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -228341s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -228211s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -228047s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -227907s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -227750s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 5112	Thread sleep time: -227594s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -1844674407370954s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -240000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5360	Thread sleep count: 9558 > 30			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -239750s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -239640s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -239531s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -239372s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -239248s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -239121s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -238937s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -238702s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -238297s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -238164s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -238047s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -237828s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -237675s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -237500s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -237276s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -237156s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -236937s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -236641s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -236516s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -236391s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -236281s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -236153s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -236043s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -235844s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -235687s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -235559s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -235391s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -235250s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -235040s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -234250s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -234094s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -233000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -231437s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -231310s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -231181s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -231062s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -230891s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -230763s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -230652s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -230547s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -230436s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -230294s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -230169s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -230000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -229680s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -229438s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -229250s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -229140s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -229000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -228827s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -228688s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -228547s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -228387s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -228249s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -227980s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -227826s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -227671s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -227514s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -227398s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -227276s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -227141s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 5324	Thread sleep time: -227000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -1844674407370954s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -240000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1332	Thread sleep count: 9469 > 30			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -239813s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -239563s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -239288s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -239063s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -238810s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -238698s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -238559s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -238360s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -238110s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -237953s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -237703s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -237500s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -237360s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -237063s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -236937s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -236828s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -236693s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -236500s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -236360s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -236156s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -235952s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -235810s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -235688s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -235453s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -235297s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -235110s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -234906s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -234764s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -234610s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -234441s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -234312s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -234058s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -233750s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -233500s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -233250s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -233110s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -232984s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -232855s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -232703s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -232500s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -232340s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -232226s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -232109s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -231907s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -231750s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -231597s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -231453s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -231308s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -231142s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -230999s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -230826s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -230610s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -230468s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -230343s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -230228s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -230053s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -229906s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -229750s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -229610s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -229453s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -229280s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -229171s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -229058s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -228950s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1324	Thread sleep time: -228828s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe TID: 1572	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 2968	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1412	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239859			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239702			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239592			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239483			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239374			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239263			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239134			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238839			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238703			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238588			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238476			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238348			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238199			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238060			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237931			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237827			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237703			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237593			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237480			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237343			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237203			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237085			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236969			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236859			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236734			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236609			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236484			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236372			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236230			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236109			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235890			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235781			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235665			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235560			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235451			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235327			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235218			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235109			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234984			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234857			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234749			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234640			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234503			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234344			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234203			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234092			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 233968			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 233827			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239657			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239344			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239141			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238871			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238750			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238453			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238342			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237889			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237761			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237635			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237515			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237402			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237249			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237122			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236935			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236780			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236669			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236539			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236297			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236142			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235844			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235719			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235584			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235391			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235250			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235094			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234981			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234859			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234750			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234620			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234494			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234368			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 233594			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 233413			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 232706			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 232500			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 232297			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 232166			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230750			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230594			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230341			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230203			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230062			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229950			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229840			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229704			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229500			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229364			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229157			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229008			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228890			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228704			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228574			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228469			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228341			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228211			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228047			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 227907			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 227750			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 227594			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239750			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239640			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239531			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239372			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239248			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239121			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238937			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238702			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238297			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238164			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238047			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237828			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237675			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237276			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237156			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236937			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236641			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236516			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236391			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236281			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236153			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236043			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235844			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235687			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235559			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235391			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235250			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235040			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234250			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234094			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231437			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231310			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231181			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231062			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230891			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230763			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230652			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230547			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230436			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230294			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230169			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229680			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229438			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229250			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229140			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228827			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228688			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228547			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228387			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228249			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227980			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227826			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227671			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227514			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227398			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227276			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227141			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239813			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239563			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239288			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239063			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238810			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238698			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238559			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238360			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238110			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237953			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237703			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237360			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237063			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236937			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236828			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236693			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236360			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236156			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235952			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235810			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235688			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235453			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235297			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235110			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234906			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234764			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234610			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234441			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234312			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234058			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233750			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233250			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233110			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232984			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232855			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232703			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232340			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232226			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232109			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231907			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231750			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231597			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231453			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231308			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231142			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230999			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230826			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230610			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230468			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230343			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230228			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230053			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229906			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229750			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229610			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229453			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229280			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229171			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229058			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228950			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228828			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\Shaheed CV.exe	Window / User API: threadDelayed 8855			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Window / User API: threadDelayed 9627			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Window / User API: foregroundWindowGot 572			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Window / User API: foregroundWindowGot 479			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Window / User API: threadDelayed 9641			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Window / User API: threadDelayed 9558			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Window / User API: threadDelayed 9469			Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239859			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239702			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239592			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239483			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239374			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239263			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239134			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238839			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238703			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238588			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238476			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238348			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238199			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238060			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237931			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237827			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237703			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237593			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237480			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237343			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237203			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237085			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236969			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236859			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236734			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236609			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236484			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236372			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236230			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236109			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235890			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235781			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235665			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235560			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235451			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235327			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235218			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235109			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234984			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234857			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234749			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234640			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234503			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234344			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234203			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234092			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 233968			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 233827			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239657			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239344			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239141			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 239000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238871			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238750			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238453			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238342			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 238000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237889			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237761			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237635			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237515			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237402			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237249			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 237122			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236935			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236780			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236669			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236539			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236297			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236142			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 236000			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235844			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235719			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235584			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235391			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235250			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 235094			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234981			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234859			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234750			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234620			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234494			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 234368			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 233594			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 233413			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 232706			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 232500			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 232297			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 232166			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230750			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230594			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230341			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230203			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 230062			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229950			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229840			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229704			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229500			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229364			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229157			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 229008			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228890			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228704			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228574			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228469			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228341			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228211			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 228047			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 227907			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 227750			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 227594			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239750			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239640			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239531			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239372			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239248			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239121			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238937			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238702			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238297			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238164			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238047			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237828			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237675			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237276			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237156			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236937			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236641			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236516			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236391			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236281			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236153			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236043			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235844			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235687			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235559			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235391			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235250			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235040			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234250			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234094			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231437			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231310			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231181			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231062			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230891			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230763			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230652			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230547			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230436			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230294			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230169			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229680			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229438			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229250			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229140			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228827			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228688			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228547			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228387			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228249			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227980			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227826			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227671			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227514			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227398			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227276			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227141			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 227000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 240000			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239813			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239563			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239288			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 239063			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238810			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238698			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238559			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238360			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 238110			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237953			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237703			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237360			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 237063			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236937			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236828			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236693			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236360			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 236156			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235952			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235810			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235688			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235453			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235297			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 235110			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234906			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234764			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234610			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234441			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234312			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 234058			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233750			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233250			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 233110			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232984			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232855			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232703			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232500			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232340			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232226			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 232109			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231907			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231750			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231597			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231453			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231308			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 231142			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230999			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230826			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230610			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230468			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230343			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230228			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 230053			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229906			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229750			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229610			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229453			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229280			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229171			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 229058			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228950			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 228828			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477

Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWARE
Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: dhcpmon.exe, 0000000F.00000002.379850214.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: Shaheed CV.exe, 00000001.00000002.508778046.0000000000E54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

Source: C:\Users\user\Desktop\Shaheed CV.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Shaheed CV.exe	Memory written: C:\Users\user\Desktop\Shaheed CV.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Memory written: C:\Users\user\Desktop\Shaheed CV.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Memory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Memory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5A			Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Users\user\Desktop\Shaheed CV.exe {path}			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp622.tmp			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmpA49.tmp			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Process created: C:\Users\user\Desktop\Shaheed CV.exe {path}			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe {path}			Jump to behavior

Source: Shaheed CV.exe, 00000001.00000002.541900523.000000000752C000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Program Managerram Managert
Source: Shaheed CV.exe, 00000001.00000002.524134831.000000000330B000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.543281603.00000000090AC000.00000004.00000010.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.523546334.00000000032AF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: Shaheed CV.exe, 00000001.00000002.524134831.000000000330B000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.523546334.00000000032AF000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.518686748.0000000002F9B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager(h
Source: Shaheed CV.exe, 00000001.00000002.539650399.0000000006A0C000.00000004.00000010.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.536752502.00000000061BB000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Program Managert@
Source: Shaheed CV.exe, 00000001.00000002.518000484.0000000002F30000.00000004.00000800.00020000.00000000.sdmp, Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerHa

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Users\user\Desktop\Shaheed CV.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Users\user\Desktop\Shaheed CV.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Users\user\Desktop\Shaheed CV.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Users\user\Desktop\Shaheed CV.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\Shaheed CV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\Shaheed CV.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\Shaheed CV.exe

Code function: 1_2_07552590 GetSystemTimes,

1_2_07552590

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Users\user\Desktop\Shaheed CV.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

Stealing of Sensitive Information

Source: Yara match	File source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.404062131.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 3888, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 3192, type: MEMORYSTR

Remote Access Functionality

Source: Shaheed CV.exe, 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.540864195.00000000070F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
Source: Shaheed CV.exe, 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: Shaheed CV.exe, 00000001.00000002.540406336.00000000070A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: Shaheed CV.exe, 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: Shaheed CV.exe, 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
Source: Shaheed CV.exe, 00000001.00000002.541259921.0000000007120000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.529484234.0000000004854000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
Source: Shaheed CV.exe, 00000001.00000002.524873341.0000000003D41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.541719793.0000000007160000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.539874712.0000000006F10000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.537661644.0000000006670000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.540641367.00000000070D0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.541145410.0000000007110000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.540517002.00000000070B0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: Shaheed CV.exe, 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.540758776.00000000070E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
Source: Shaheed CV.exe, 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.540343328.0000000007090000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: Shaheed CV.exe, 00000001.00000003.291412562.0000000006698000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.540584310.00000000070C0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: Shaheed CV.exe, 00000001.00000002.514850131.0000000002D99000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
Source: Shaheed CV.exe, 00000012.00000002.403654416.000000000400E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000012.00000002.403654416.000000000400E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: HApplicationBaseMicrosoft.VisualBasic.ApplicationServicesUserConversionsMicrosoft.VisualBasic.CompilerServicesObjectFlowControlOperatorsProjectDataStandardModuleAttributeComputerMicrosoft.VisualBasic.DevicesHideModuleNameAttributeMyGroupCollectionAttributeContextValue`1Microsoft.VisualBasic.MyServices.InternalClientInvokeDelegateNanoCoreIClientDataNanoCore.ClientPluginIClientNetworkIClientDataHostNanoCore.ClientPluginHostIClientLoggingHostIClientNetworkHostIClientUIHostIClientNameObjectCollectionIClientReadOnlyNameObjectCollectionActivatorAppDomainArgumentOutOfRangeExceptionArrayAsyncCallbackBitConverterBooleanBufferByteCharCLSCompliantAttributeGeneratedCodeAttributeSystem.CodeDom.CompilerDictionary`2System.Collections.GenericEnumeratorIEnumerable`1KeyValuePair`2List`1IEnumeratorSystem.CollectionsEditorBrowsableAttributeSystem.ComponentModelEditorBrowsableStateApplicationSettingsBaseSystem.ConfigurationSettingsBaseDateTimeDateTimeKindDelegateDebuggerDisplayAttributeSystem
Source: Shaheed CV.exe, 00000012.00000002.403274871.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000012.00000002.403274871.0000000003FF9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: Shaheed CV.exe, 00000012.00000002.404062131.0000000004024000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: Shaheed CV.exe, 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
Source: dhcpmon.exe, 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: dhcpmon.exe, 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll

Source: Yara match	File source: 1.0.Shaheed CV.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.Shaheed CV.exe.40195d0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e3df0.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5550000.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5554629.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.37e1550.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4944990.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47064ca.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.5550000.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.37e1550.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.493fb5a.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e3df0.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.47e8419.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.46f1e9d.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.46e5c69.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4948fb9.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.Shaheed CV.exe.4944990.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Shaheed CV.exe.3950a00.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.262348704.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.528777384.00000000047DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277482638.0000000003721000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.404062131.0000000004024000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.530638518.000000000493F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.525868559.000000000460F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.535983394.0000000005550000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.400787267.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.400472140.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.278459244.000000000386E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4896, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 4408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Shaheed CV.exe PID: 3888, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dhcpmon.exe PID: 3192, type: MEMORYSTR