Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
y5S5mjkeeT.exe

Overview

General Information

Sample Name:y5S5mjkeeT.exe
Analysis ID:798248
MD5:373dfd91476ca6648beeb235d30cf54f
SHA1:ea13a1f8343bba2d074402360613937325b5c32d
SHA256:86f42645b20ddd4fd363bab53bd0a6c3ea69dac332b403e975837b71e3f57126
Tags:exeNanoCoreRAT
Infos:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Detected Nanocore Rat
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected Nanocore RAT
Detected unpacking (creates a PE file in dynamic memory)
Snort IDS alert for network traffic
Machine Learning detection for sample
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses dynamic DNS services
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Internet Provider seen in connection with other malware
Detected potential crypto function
PE file contains executable resources (Code or Archives)
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports

Classification

Process Tree

  • System is w10x64
  • y5S5mjkeeT.exe (PID: 5084 cmdline: C:\Users\user\Desktop\y5S5mjkeeT.exe MD5: 373DFD91476CA6648BEEB235D30CF54F)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "fc2f5233-89c0-4cab-99aa-8d389dd5", "Domain1": "thesopranos.duckdns.org", "Domain2": "thesopranos.duckdns.org", "Port": 1365, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
y5S5mjkeeT.exeNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
  • 0x237e5:$x1: NanoCore.ClientPluginHost
  • 0x23822:$x2: IClientNetworkHost
  • 0x27355:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
y5S5mjkeeT.exeNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth (Nextron Systems)
  • 0x2355d:$x1: NanoCore Client.exe
  • 0x237e5:$x2: NanoCore.ClientPluginHost
  • 0x24e1e:$s1: PluginCommand
  • 0x24e12:$s2: FileCommand
  • 0x25cc3:$s3: PipeExists
  • 0x2ba7a:$s4: PipeCreated
  • 0x2380f:$s5: IClientLoggingHost
y5S5mjkeeT.exeJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    y5S5mjkeeT.exeMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
    • 0x2354d:$x1: NanoCore Client
    • 0x2355d:$x1: NanoCore Client
    • 0x237a5:$x2: NanoCore.ClientPlugin
    • 0x237e5:$x3: NanoCore.ClientPluginHost
    • 0x2379a:$i1: IClientApp
    • 0x237bb:$i2: IClientData
    • 0x237c7:$i3: IClientNetwork
    • 0x237d6:$i4: IClientAppHost
    • 0x237ff:$i5: IClientDataHost
    • 0x2380f:$i6: IClientLoggingHost
    • 0x23822:$i7: IClientNetworkHost
    • 0x23835:$i8: IClientUIHost
    • 0x23843:$i9: IClientNameObjectCollection
    • 0x2385f:$i10: IClientReadOnlyNameObjectCollection
    • 0x235ac:$s1: ClientPlugin
    • 0x237ae:$s1: ClientPlugin
    • 0x23ca2:$s2: EndPoint
    • 0x23cab:$s3: IPAddress
    • 0x23cb5:$s4: IPEndPoint
    • 0x256eb:$s6: get_ClientSettings
    • 0x25c8f:$s7: get_Connected
    y5S5mjkeeT.exeNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0x2354d:$a: NanoCore
    • 0x2355d:$a: NanoCore
    • 0x23791:$a: NanoCore
    • 0x237a5:$a: NanoCore
    • 0x237e5:$a: NanoCore
    • 0x235ac:$b: ClientPlugin
    • 0x237ae:$b: ClientPlugin
    • 0x237ee:$b: ClientPlugin
    • 0x236d3:$c: ProjectData
    • 0x240da:$d: DESCrypto
    • 0x2baa6:$e: KeepAlive
    • 0x29a94:$g: LogClientMessage
    • 0x25c8f:$i: get_Connected
    • 0x24410:$j: #=q
    • 0x24440:$j: #=q
    • 0x2445c:$j: #=q
    • 0x2448c:$j: #=q
    • 0x244a8:$j: #=q
    • 0x244c4:$j: #=q
    • 0x244f4:$j: #=q
    • 0x24510:$j: #=q
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
    • 0x350b:$x1: NanoCore.ClientPluginHost
    • 0x3525:$x2: IClientNetworkHost
    00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmpNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth (Nextron Systems)
    • 0x350b:$x2: NanoCore.ClientPluginHost
    • 0x52b6:$s4: PipeCreated
    • 0x34f8:$s5: IClientLoggingHost
    00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmpMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
    • 0x34e2:$x2: NanoCore.ClientPlugin
    • 0x350b:$x3: NanoCore.ClientPluginHost
    • 0x34d3:$i3: IClientNetwork
    • 0x34f8:$i6: IClientLoggingHost
    • 0x3525:$i7: IClientNetworkHost
    • 0x334e:$s1: ClientPlugin
    • 0x34eb:$s1: ClientPlugin
    00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmpWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
    • 0x350b:$a1: NanoCore.ClientPluginHost
    • 0x34e2:$a2: NanoCore.ClientPlugin
    • 0x5854:$b7: LogClientException
    • 0x34f8:$b9: IClientLoggingHost
    00000000.00000002.584289317.00000000036D6000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
    • 0x12a77:$a1: NanoCore.ClientPluginHost
    • 0x12a4e:$a2: NanoCore.ClientPlugin
    • 0x12a64:$b9: IClientLoggingHost
    Click to see the 84 entries

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
    • 0x13a8:$x1: NanoCore.ClientPluginHost
    0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth (Nextron Systems)
    • 0x13a8:$x2: NanoCore.ClientPluginHost
    • 0x1486:$s4: PipeCreated
    • 0x13c2:$s5: IClientLoggingHost
    0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpackMALWARE_Win_NanoCoreDetects NanoCoreditekSHen
    • 0x13f2:$x2: NanoCore.ClientPlugin
    • 0x13a8:$x3: NanoCore.ClientPluginHost
    • 0x1408:$i3: IClientNetwork
    • 0x13c2:$i6: IClientLoggingHost
    • 0x1185:$s1: ClientPlugin
    • 0x13fb:$s1: ClientPlugin
    0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpackWindows_Trojan_Nanocore_d8c4e3c5unknownunknown
    • 0x13a8:$a1: NanoCore.ClientPluginHost
    • 0x13f2:$a2: NanoCore.ClientPlugin
    • 0x13c2:$b9: IClientLoggingHost
    0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth (Nextron Systems)
    • 0xb184:$x1: NanoCore.ClientPluginHost
    • 0xb1b1:$x2: IClientNetworkHost
    Click to see the 227 entries

    Sigma Signatures

    AV Detection

    barindex
    Sigma detected: NanoCore
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\y5S5mjkeeT.exe, ProcessId: 5084, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

    E-Banking Fraud

    barindex
    Sigma detected: NanoCore
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\y5S5mjkeeT.exe, ProcessId: 5084, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

    Stealing of Sensitive Information

    barindex
    Sigma detected: NanoCore
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\y5S5mjkeeT.exe, ProcessId: 5084, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

    Remote Access Functionality

    barindex
    Sigma detected: NanoCore
    Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\y5S5mjkeeT.exe, ProcessId: 5084, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

    Snort Signatures

    Timestamp:192.168.2.4193.31.30.1384970813652816766 02/03/23-21:42:59.229875
    SID:2816766
    Source Port:49708
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384971113652816766 02/03/23-21:43:19.733201
    SID:2816766
    Source Port:49711
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:193.31.30.138192.168.2.41365496992810290 02/03/23-21:42:04.491586
    SID:2810290
    Source Port:1365
    Destination Port:49699
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384969713652816766 02/03/23-21:41:49.032872
    SID:2816766
    Source Port:49697
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384971313652816766 02/03/23-21:43:31.846870
    SID:2816766
    Source Port:49713
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384971413652816766 02/03/23-21:43:40.390732
    SID:2816766
    Source Port:49714
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384969913652816766 02/03/23-21:42:05.379552
    SID:2816766
    Source Port:49699
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970613652816766 02/03/23-21:42:46.809122
    SID:2816766
    Source Port:49706
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384971513652816718 02/03/23-21:43:47.109782
    SID:2816718
    Source Port:49715
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970013652816766 02/03/23-21:42:12.402796
    SID:2816766
    Source Port:49700
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970213652816766 02/03/23-21:42:24.557049
    SID:2816766
    Source Port:49702
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970713652816766 02/03/23-21:42:52.867818
    SID:2816766
    Source Port:49707
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384971213652816766 02/03/23-21:43:25.903398
    SID:2816766
    Source Port:49712
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384971013652816766 02/03/23-21:43:12.596267
    SID:2816766
    Source Port:49710
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970913652816766 02/03/23-21:43:05.491256
    SID:2816766
    Source Port:49709
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384971513652816766 02/03/23-21:43:47.109782
    SID:2816766
    Source Port:49715
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970113652816718 02/03/23-21:42:18.551673
    SID:2816718
    Source Port:49701
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970513652816766 02/03/23-21:42:39.610403
    SID:2816766
    Source Port:49705
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384969813652816766 02/03/23-21:41:56.401742
    SID:2816766
    Source Port:49698
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970313652816766 02/03/23-21:42:31.593254
    SID:2816766
    Source Port:49703
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected
    Timestamp:192.168.2.4193.31.30.1384970113652816766 02/03/23-21:42:18.551673
    SID:2816766
    Source Port:49701
    Destination Port:1365
    Protocol:TCP
    Classtype:A Network Trojan was detected

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Multi AV Scanner detection for submitted file
    Source: y5S5mjkeeT.exeReversingLabs: Detection: 92%
    Source: y5S5mjkeeT.exeVirustotal: Detection: 78%Perma Link
    Antivirus / Scanner detection for submitted sample
    Source: y5S5mjkeeT.exeAvira: detected
    Antivirus detection for URL or domain
    Source: thesopranos.duckdns.orgAvira URL Cloud: Label: malware
    Yara detected Nanocore RAT
    Source: Yara matchFile source: y5S5mjkeeT.exe, type: SAMPLE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTR
    Machine Learning detection for sample
    Source: y5S5mjkeeT.exeJoe Sandbox ML: detected
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpackAvira: Label: TR/Dropper.MSIL.Gen7
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.unpackAvira: Label: TR/NanoCore.fadte
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
    Source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "fc2f5233-89c0-4cab-99aa-8d389dd5", "Domain1": "thesopranos.duckdns.org", "Domain2": "thesopranos.duckdns.org", "Port": 1365, "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

    Compliance

    barindex
    Detected unpacking (creates a PE file in dynamic memory)
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeUnpacked PE file: 0.2.y5S5mjkeeT.exe.4870000.14.unpack
    Source: y5S5mjkeeT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp

    Networking

    barindex
    Snort IDS alert for network traffic
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49697 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49698 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49699 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2810290 ETPRO TROJAN NanoCore RAT Keepalive Response 1 193.31.30.138:1365 -> 192.168.2.4:49699
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49700 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49701 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.4:49701 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49702 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49703 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49705 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49706 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49707 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49708 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49709 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49710 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49711 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49712 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49713 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49714 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816766 ETPRO TROJAN NanoCore RAT CnC 7 192.168.2.4:49715 -> 193.31.30.138:1365
    Source: TrafficSnort IDS: 2816718 ETPRO TROJAN NanoCore RAT Keep-Alive Beacon 192.168.2.4:49715 -> 193.31.30.138:1365
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: thesopranos.duckdns.org
    Uses dynamic DNS services
    Source: unknownDNS query: name: thesopranos.duckdns.org
    Source: Joe Sandbox ViewASN Name: QUICKPACKETUS QUICKPACKETUS
    Source: global trafficTCP traffic: 192.168.2.4:49697 -> 193.31.30.138:1365
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://google.com
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    Source: unknownDNS traffic detected: queries for: thesopranos.duckdns.org
    Source: y5S5mjkeeT.exe, 00000000.00000002.575470850.000000000075A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
    Source: y5S5mjkeeT.exe, 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: RegisterRawInputDevices

    E-Banking Fraud

    barindex
    Yara detected Nanocore RAT
    Source: Yara matchFile source: y5S5mjkeeT.exe, type: SAMPLE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTR

    System Summary

    barindex
    Malicious sample detected (through community Yara rule)
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: Detects NanoCore Author: ditekSHen
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6714c9f.29.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6714c9f.29.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6714c9f.29.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.3430fef.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.3430fef.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.3430fef.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.56c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.56c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.56c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.671e8a4.30.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.671e8a4.30.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.671e8a4.30.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6670000.21.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6670000.21.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6670000.21.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.343abf4.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.343abf4.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.343abf4.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 0.2.y5S5mjkeeT.exe.2444fd4.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 0.2.y5S5mjkeeT.exe.2444fd4.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects NanoCore Author: ditekSHen
    Source: 0.2.y5S5mjkeeT.exe.2444fd4.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 0.2.y5S5mjkeeT.exe.2444fd4.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.584289317.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.584289317.0000000003423000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000003.315773906.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects NanoCore Author: ditekSHen
    Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTRMatched rule: Detetcs the Nanocore RAT Author: Florian Roth (Nextron Systems)
    Source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTRMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
    Source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 Author: unknown
    Source: y5S5mjkeeT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: y5S5mjkeeT.exe, type: SAMPLEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66b0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6714c9f.29.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6714c9f.29.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6714c9f.29.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6714c9f.29.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6750000.32.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66e0000.27.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6710000.31.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.3430fef.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.3430fef.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.3430fef.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.3430fef.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66d0000.26.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2474c78.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.56c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.56c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.56c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.56c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2480ec0.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.375881e.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66a0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.66c0000.25.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.3766c4e.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.671e8a4.30.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.671e8a4.30.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.671e8a4.30.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.671e8a4.30.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.64e0000.20.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6670000.21.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6670000.21.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6670000.21.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6670000.21.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6700000.28.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.5c00000.19.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.343abf4.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.343abf4.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.343abf4.11.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.343abf4.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.6690000.22.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.342c350.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.374f9ef.12.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 0.2.y5S5mjkeeT.exe.2444fd4.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 0.2.y5S5mjkeeT.exe.2444fd4.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2444fd4.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 0.2.y5S5mjkeeT.exe.2444fd4.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.584289317.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.584289317.0000000003423000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000003.315773906.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth (Nextron Systems), description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_NanoCore author = ditekSHen, description = Detects NanoCore
    Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTRMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth (Nextron Systems), description = Detetcs the Nanocore RAT, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
    Source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTRMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
    Source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTRMatched rule: Windows_Trojan_Nanocore_d8c4e3c5 reference_sample = b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Nanocore, fingerprint = e5c284f14c1c650ef8ddd7caf314f5318e46a811addc2af5e70890390c7307d4, id = d8c4e3c5-8bcc-43d2-9104-fa3774282da5, last_modified = 2021-08-23
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeCode function: 0_2_05C002AD0_2_05C002AD
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeCode function: 0_2_05C002B00_2_05C002B0
    Source: y5S5mjkeeT.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
    Source: y5S5mjkeeT.exeBinary or memory string: OriginalFilename vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591723771.000000000675E000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMyClientPlugin.dll@ vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNAudio.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591400044.0000000006708000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036D6000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCoreClientPlugin.dll8 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameManagementClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNanoCoreBase.dll< vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMyClientPluginNew.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameFileBrowserClient.dllT vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMyClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMyClientPlugin.dll@ vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSecurityClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameManagementClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNanoCoreBase.dll< vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591453188.0000000006738000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameFileBrowserClient.dllT vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCoreClientPlugin.dll8 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.0000000003423000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.0000000003423000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNAudio.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.0000000003423000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNetworkClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.589835979.0000000005AB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameAForge.Video.DirectShow.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNAudio.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000003.315773906.00000000058A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMyClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMyClientPluginNew.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameNanoCoreStressTester.dll< vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exe, 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMyClientPlugin.dll@ vs y5S5mjkeeT.exe
    Source: y5S5mjkeeT.exeReversingLabs: Detection: 92%
    Source: y5S5mjkeeT.exeVirustotal: Detection: 78%
    Source: y5S5mjkeeT.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeFile created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9AJump to behavior
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/4@18/1
    Source: y5S5mjkeeT.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{fc2f5233-89c0-4cab-99aa-8d389dd5dffd}
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
    Source: y5S5mjkeeT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp
    Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp

    Data Obfuscation

    barindex
    Detected unpacking (creates a PE file in dynamic memory)
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeUnpacked PE file: 0.2.y5S5mjkeeT.exe.4870000.14.unpack
    .NET source code contains potential unpacker
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
    Source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

    Hooking and other Techniques for Hiding and Protection

    barindex
    Hides that the sample has been downloaded from the Internet (zone.identifier)
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeFile opened: C:\Users\user\Desktop\y5S5mjkeeT.exe:Zone.Identifier read attributes | deleteJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exe TID: 2904Thread sleep time: -10145709240540247s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWindow / User API: threadDelayed 9418Jump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWindow / User API: foregroundWindowGot 769Jump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWindow / User API: foregroundWindowGot 863Jump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeThread delayed: delay time: 922337203685477Jump to behavior
    Source: y5S5mjkeeT.exe, 00000000.00000002.588873866.0000000005870000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllLP
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeMemory allocated: page read and write | page guardJump to behavior
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000026A3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerH
    Source: y5S5mjkeeT.exe, 00000000.00000002.593056778.000000000833F000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Program ManagerTDL
    Source: y5S5mjkeeT.exe, 00000000.00000002.590863151.000000000666B000.00000004.00000010.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000029BE000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000029A2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
    Source: y5S5mjkeeT.exe, 00000000.00000002.591878289.000000000686E000.00000004.00000010.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.593204831.00000000085BF000.00000004.00000010.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.592644920.000000000793B000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Program Managerram Manager
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000025F9000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000026A3000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000027D5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerX
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.0000000002541000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.000000000259B000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.000000000259F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerx
    Source: y5S5mjkeeT.exe, 00000000.00000002.589889112.0000000005BFA000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Program Manager
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000026A3000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.0000000002569000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerHa
    Source: y5S5mjkeeT.exe, 00000000.00000002.592710496.0000000007A7F000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: Program ManagerMl8
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
    Source: C:\Users\user\Desktop\y5S5mjkeeT.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

    Stealing of Sensitive Information

    barindex
    Yara detected Nanocore RAT
    Source: Yara matchFile source: y5S5mjkeeT.exe, type: SAMPLE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Detected Nanocore Rat
    Source: y5S5mjkeeT.exeString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
    Source: y5S5mjkeeT.exe, 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
    Source: y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
    Source: y5S5mjkeeT.exe, 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
    Source: y5S5mjkeeT.exe, 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
    Source: y5S5mjkeeT.exe, 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
    Source: y5S5mjkeeT.exe, 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.0000000003423000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000003.315773906.00000000058A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
    Source: y5S5mjkeeT.exe, 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
    Source: y5S5mjkeeT.exe, 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exe, 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: NanoCore.ClientPluginHost
    Source: y5S5mjkeeT.exeString found in binary or memory: NanoCore.ClientPluginHost
    Yara detected Nanocore RAT
    Source: Yara matchFile source: y5S5mjkeeT.exe, type: SAMPLE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348fa31.13.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.7a84d0.0.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5750000.16.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.2370000.1.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5754629.17.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348b408.10.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.5750000.16.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.348b408.10.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.3476f6d.6.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.2370000.1.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.7a84d0.0.raw.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.0.y5S5mjkeeT.exe.400000.0.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 0.2.y5S5mjkeeT.exe.4870000.14.unpack, type: UNPACKEDPE
    Source: Yara matchFile source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
    Source: Yara matchFile source: Process Memory Space: y5S5mjkeeT.exe PID: 5084, type: MEMORYSTR

    Mitre Att&ck Matrix

    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
    Valid Accounts1
    Windows Management Instrumentation    		Path Interception1
    Process Injection    		1
    Masquerading    		21
    Input Capture    		11
    Security Software Discovery    		Remote Services21
    Input Capture    		Exfiltration Over Other Network Medium1
    Encrypted Channel    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
    Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    Disable or Modify Tools    		LSASS Memory2
    Process Discovery    		Remote Desktop Protocol11
    Archive Collected Data    		Exfiltration Over Bluetooth1
    Non-Standard Port    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
    Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)21
    Virtualization/Sandbox Evasion    		Security Account Manager21
    Virtualization/Sandbox Evasion    		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
    Remote Access Software    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
    Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
    Process Injection    		NTDS1
    Application Window Discovery    		Distributed Component Object ModelInput CaptureScheduled Transfer1
    Non-Application Layer Protocol    		SIM Card SwapCarrier Billing Fraud
    Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
    Deobfuscate/Decode Files or Information    		LSA Secrets12
    System Information Discovery    		SSHKeyloggingData Transfer Size Limits21
    Application Layer Protocol    		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
    Replication Through Removable MediaLaunchdRc.commonRc.common1
    Hidden Files and Directories    		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
    External Remote ServicesScheduled TaskStartup ItemsStartup Items21
    Software Packing    		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    y5S5mjkeeT.exe92%ReversingLabsWin32.Backdoor.NanoCore
    y5S5mjkeeT.exe78%VirustotalBrowse
    y5S5mjkeeT.exe100%AviraTR/Dropper.MSIL.Gen7
    y5S5mjkeeT.exe100%Joe Sandbox ML

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    SourceDetectionScannerLabelLinkDownload
    0.2.y5S5mjkeeT.exe.4870000.14.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
    0.2.y5S5mjkeeT.exe.5750000.16.unpack100%AviraTR/NanoCore.fadteDownload File
    0.0.y5S5mjkeeT.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    thesopranos.duckdns.org100%Avira URL Cloudmalware

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    thesopranos.duckdns.org
    		193.31.30.138
    		truetrue
      		unknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      thesopranos.duckdns.orgtrue
      • Avira URL Cloud: malware
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://google.comy5S5mjkeeT.exe, 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, y5S5mjkeeT.exe, 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmpfalse
        		high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namey5S5mjkeeT.exe, 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmpfalse
          		high

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          193.31.30.138
          		thesopranos.duckdns.orgUnited Kingdom
          		46261QUICKPACKETUStrue

          General Information

          Joe Sandbox Version:36.0.0 Rainbow Opal
          Analysis ID:798248
          Start date and time:2023-02-03 21:40:48 +01:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 9m 52s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:6
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample file name:y5S5mjkeeT.exe
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@1/4@18/1
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:Failed
          HCA Information:
          • Successful, ratio: 97%
          • Number of executed functions: 1
          • Number of non-executed functions: 2
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
          • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtDeviceIoControlFile calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          21:41:46API Interceptor1002x Sleep call for process: y5S5mjkeeT.exe modified

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
          193.31.30.138X80UfZE3PA.exeGet hashmaliciousBrowse
            Order No 2118013.docGet hashmaliciousBrowse

              Domains

              No context

              ASNs

              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
              QUICKPACKETUSX80UfZE3PA.exeGet hashmaliciousBrowse
              • 193.31.30.138
              POS2303OC.exeGet hashmaliciousBrowse
              • 141.98.16.169
              ye6eow5tNk.exeGet hashmaliciousBrowse
              • 185.239.208.35
              Order No 2118013.docGet hashmaliciousBrowse
              • 193.31.30.138
              dGCnwOnxb1.elfGet hashmaliciousBrowse
              • 185.202.238.20
              B0MdnLnOIa.elfGet hashmaliciousBrowse
              • 185.202.238.20
              POWN200303885-GSN.exeGet hashmaliciousBrowse
              • 195.216.148.18
              Bank Copy pdf.exeGet hashmaliciousBrowse
              • 195.216.148.21
              8ClxEvJqX2.exeGet hashmaliciousBrowse
              • 141.98.16.169
              pre-orderX26.1.2023.xlsGet hashmaliciousBrowse
              • 141.98.16.169
              SqzIdNdUeI.exeGet hashmaliciousBrowse
              • 160.202.77.61
              AWB# 771041096568.exeGet hashmaliciousBrowse
              • 141.98.16.169
              2FhepOGQj37Wiy9.exeGet hashmaliciousBrowse
              • 141.98.16.169
              Vadesiz Hesap - 3620-1083113.exeGet hashmaliciousBrowse
              • 194.50.194.136
              sSB5yHCWJg.elfGet hashmaliciousBrowse
              • 208.166.51.213
              U4OJ1nTj2g.elfGet hashmaliciousBrowse
              • 185.187.170.213
              x0QSH1b7vH.elfGet hashmaliciousBrowse
              • 67.227.105.197
              Dhl 00238847673.exeGet hashmaliciousBrowse
              • 194.50.197.57
              Dhl shipment 753456792445.exeGet hashmaliciousBrowse
              • 194.50.197.57
              SecuriteInfo.com.Win32.InjectorX-gen.5219.3582.exeGet hashmaliciousBrowse
              • 31.187.72.243

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat

              Download File
              Process:C:\Users\user\Desktop\y5S5mjkeeT.exe
              File Type:data
              Category:dropped
              Size (bytes):232
              Entropy (8bit):7.024371743172393
              Encrypted:false
              SSDEEP:6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9
              MD5:32D0AAE13696FF7F8AF33B2D22451028
              SHA1:EF80C4E0DB2AE8EF288027C9D3518E6950B583A4
              SHA-256:5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29
              SHA-512:1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5
              Malicious:false
              Reputation:high, very likely benign file
              Preview:Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.

              C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

              Download File
              Process:C:\Users\user\Desktop\y5S5mjkeeT.exe
              File Type:data
              Category:dropped
              Size (bytes):8
              Entropy (8bit):3.0
              Encrypted:false
              SSDEEP:3:rp7Ct:97Ct
              MD5:6602AD2CC29FF0BA2F41F77E34D8C70B
              SHA1:421CF7B8DA0FC0D3B3EAA2478340979D4ACDD3D3
              SHA-256:2B75E59E1B8A3F6A3C370C4E6613B4398C4D2E6EB6900A6A5D5641B24DE242B8
              SHA-512:58385CF719E41FDF4F718E2B760342DCD7B6DF6E453B9AF87FF4D7622D47A3457C5B064DF45E3CC29577B762A79E80DE224EAE04753F3C7D948FAD2C77CC3586
              Malicious:true
              Reputation:low
              Preview:....'..H

              C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin

              Download File
              Process:C:\Users\user\Desktop\y5S5mjkeeT.exe
              File Type:data
              Category:dropped
              Size (bytes):40
              Entropy (8bit):5.221928094887364
              Encrypted:false
              SSDEEP:3:9bzY6oRDMjmPl:RzWDMCd
              MD5:AE0F5E6CE7122AF264EC533C6B15A27B
              SHA1:1265A495C42EED76CC043D50C60C23297E76CCE1
              SHA-256:73B0B92179C61C26589B47E9732CE418B07EDEE3860EE5A2A5FB06F3B8AA9B26
              SHA-512:DD44C2D24D4E3A0F0B988AD3D04683B5CB128298043134649BBE33B2512CE0C9B1A8E7D893B9F66FBBCDD901E2B0646C4533FB6C0C8C4AFCB95A0EFB95D446F8
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:9iH...}Z.4..f..... 8.j....|.&X..e.F.*.

              C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat

              Download File
              Process:C:\Users\user\Desktop\y5S5mjkeeT.exe
              File Type:data
              Category:dropped
              Size (bytes):327432
              Entropy (8bit):7.99938831605763
              Encrypted:true
              SSDEEP:6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
              MD5:7E8F4A764B981D5B82D1CC49D341E9C6
              SHA1:D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
              SHA-256:0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
              SHA-512:880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
              Malicious:false
              Reputation:moderate, very likely benign file
              Preview:pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.)*.....{B.[...y%.*..i.Q.<..xt.X..H.. ..HF7g...I.*3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^*I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.|i4...i...;O...n.?.,. ....v?.5}.OY@.dG|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`|.B....3.....I..o...u1..8i=.z.W..7

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386, for MS Windows
              Entropy (8bit):7.23200002479828
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
              • Win32 Executable (generic) a (10002005/4) 49.97%
              • Generic Win/DOS Executable (2004/3) 0.01%
              • DOS Executable Generic (2002/1) 0.01%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:y5S5mjkeeT.exe
              File size:287232
              MD5:373dfd91476ca6648beeb235d30cf54f
              SHA1:ea13a1f8343bba2d074402360613937325b5c32d
              SHA256:86f42645b20ddd4fd363bab53bd0a6c3ea69dac332b403e975837b71e3f57126
              SHA512:56616cd15aad98bbf9791802f472aa29ec46ef2bdcd7d34160066fb62383563dd27a0b7410bc7e2ecb19e072bffe43f8f230c42f9d1fdc019e4423b496e96be8
              SSDEEP:6144:BCteODDmzKRgLV6Bta6dtJmakIM50MJSftp3:Be3+XLV6BtpmkKcX3
              TLSH:2754CF1277E1843EE2AF4939146186A2873ED5E29D93FBDF26C8157B0F213D04A175E3
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........[<..5o..5o..5o..6n..5o..0n,.5o..1n..5o".1n..5o".6n..5o".0n..5o...o..5o..4n..5o..4o..5o,.<n..5o,..o..5o,.7n..5oRich..5o.......

              File Icon

              Icon Hash:00828e8e8686b000

              Static PE Info

              General

              Entrypoint:0x401896
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:TERMINAL_SERVER_AWARE
              Time Stamp:0x63DA5523 [Wed Feb 1 12:03:47 2023 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:6
              OS Version Minor:0
              File Version Major:6
              File Version Minor:0
              Subsystem Version Major:6
              Subsystem Version Minor:0
              Import Hash:12115494f2c86ccfa8a7bf3471dfac33

              Entrypoint Preview

              Instruction
              call 00007FF080B37434h
              jmp 00007FF080B36F8Fh
              retn 0000h
              push ebp
              mov ebp, esp
              push dword ptr [ebp+08h]
              call 00007FF080B3778Ch
              pop ecx
              pop ebp
              ret
              push ebp
              mov ebp, esp
              test byte ptr [ebp+08h], 00000001h
              push esi
              mov esi, ecx
              mov dword ptr [esi], 0040E1B8h
              je 00007FF080B3711Ch
              push 0000000Ch
              push esi
              call 00007FF080B370EDh
              pop ecx
              pop ecx
              mov eax, esi
              pop esi
              pop ebp
              retn 0004h
              cmp ecx, dword ptr [00415010h]
              jne 00007FF080B37113h
              ret
              jmp 00007FF080B37785h
              int3
              int3
              int3
              int3
              int3
              int3
              int3
              int3
              int3
              int3
              int3
              int3
              int3
              int3
              push ecx
              lea ecx, dword ptr [esp+08h]
              sub ecx, eax
              and ecx, 0Fh
              add eax, ecx
              sbb ecx, ecx
              or eax, ecx
              pop ecx
              jmp 00007FF080B3785Fh
              push ecx
              lea ecx, dword ptr [esp+08h]
              sub ecx, eax
              and ecx, 07h
              add eax, ecx
              sbb ecx, ecx
              or eax, ecx
              pop ecx
              jmp 00007FF080B37849h
              push ebp
              mov ebp, esp
              mov eax, dword ptr [ebp+08h]
              push esi
              mov ecx, dword ptr [eax+3Ch]
              add ecx, eax
              movzx eax, word ptr [ecx+14h]
              lea edx, dword ptr [ecx+18h]
              add edx, eax
              movzx eax, word ptr [ecx+06h]
              imul esi, eax, 28h
              add esi, edx
              cmp edx, esi
              je 00007FF080B3712Bh
              mov ecx, dword ptr [ebp+0Ch]
              cmp ecx, dword ptr [edx+0Ch]
              jc 00007FF080B3711Ch
              mov eax, dword ptr [edx+08h]
              add eax, dword ptr [edx+0Ch]
              cmp ecx, eax
              jc 00007FF080B3711Eh
              add edx, 28h
              cmp edx, esi
              jne 00007FF080B370FCh
              xor eax, eax
              pop esi
              pop ebp
              ret
              mov eax, edx

              Rich Headers

              Programming Language:
              • [IMP] VS2008 build 21022

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0x139b40x78.rdata
              IMAGE_DIRECTORY_ENTRY_RESOURCE0x170000x32a58.rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
              IMAGE_DIRECTORY_ENTRY_DEBUG0x12e580x38.rdata
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x12d980x40.rdata
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0xe0000x160.rdata
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x10000xc4930xc600False0.6120778093434344data6.57306328085809IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rdata0xe0000x61100x6200False0.41597576530612246DOS executable (COM, 0x8C-variant)4.808433693092438IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .data0x150000x14400xa00False0.159765625data2.106259809673425IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .rsrc0x170000x32a580x32c00False0.7681169181034483data7.447963331602537IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

              Resources

              NameRVASizeTypeLanguageCountry
              RT_RCDATA0x170580x32a00PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS WindowsEnglishUnited States

              Imports

              DLLImport
              KERNEL32.dllSizeofResource, GetCommandLineW, VirtualAlloc, FreeResource, LockResource, LoadResource, FindResourceW, ExitProcess, GetModuleHandleW, DecodePointer, WriteConsoleW, CloseHandle, CreateFileW, SetFilePointerEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, HeapReAlloc, HeapSize, GetProcessHeap, LCMapStringW, LocalFree, GetLastError, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetCurrentProcess, TerminateProcess, RaiseException, RtlUnwind, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, GetStdHandle, WriteFile, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetFileType, GetStringTypeW
              SHELL32.dllCommandLineToArgvW
              ole32.dllCoInitialize
              OLEAUT32.dllSafeArrayDestroy, VariantInit, SysAllocString, SafeArrayPutElement, SafeArrayUnaccessData, SafeArrayCreate, SafeArrayCreateVector, SafeArrayAccessData, VariantClear
              mscoree.dllCLRCreateInstance

              Possible Origin

              Language of compilation systemCountry where language is spokenMap
              EnglishUnited States

              Network Behavior

              Snort IDS Alerts

              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
              192.168.2.4193.31.30.1384970813652816766 02/03/23-21:42:59.229875TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497081365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384971113652816766 02/03/23-21:43:19.733201TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497111365192.168.2.4193.31.30.138
              193.31.30.138192.168.2.41365496992810290 02/03/23-21:42:04.491586TCP2810290ETPRO TROJAN NanoCore RAT Keepalive Response 1136549699193.31.30.138192.168.2.4
              192.168.2.4193.31.30.1384969713652816766 02/03/23-21:41:49.032872TCP2816766ETPRO TROJAN NanoCore RAT CnC 7496971365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384971313652816766 02/03/23-21:43:31.846870TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497131365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384971413652816766 02/03/23-21:43:40.390732TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497141365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384969913652816766 02/03/23-21:42:05.379552TCP2816766ETPRO TROJAN NanoCore RAT CnC 7496991365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970613652816766 02/03/23-21:42:46.809122TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497061365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384971513652816718 02/03/23-21:43:47.109782TCP2816718ETPRO TROJAN NanoCore RAT Keep-Alive Beacon497151365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970013652816766 02/03/23-21:42:12.402796TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497001365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970213652816766 02/03/23-21:42:24.557049TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497021365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970713652816766 02/03/23-21:42:52.867818TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497071365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384971213652816766 02/03/23-21:43:25.903398TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497121365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384971013652816766 02/03/23-21:43:12.596267TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497101365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970913652816766 02/03/23-21:43:05.491256TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497091365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384971513652816766 02/03/23-21:43:47.109782TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497151365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970113652816718 02/03/23-21:42:18.551673TCP2816718ETPRO TROJAN NanoCore RAT Keep-Alive Beacon497011365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970513652816766 02/03/23-21:42:39.610403TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497051365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384969813652816766 02/03/23-21:41:56.401742TCP2816766ETPRO TROJAN NanoCore RAT CnC 7496981365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970313652816766 02/03/23-21:42:31.593254TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497031365192.168.2.4193.31.30.138
              192.168.2.4193.31.30.1384970113652816766 02/03/23-21:42:18.551673TCP2816766ETPRO TROJAN NanoCore RAT CnC 7497011365192.168.2.4193.31.30.138

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Feb 3, 2023 21:41:47.736622095 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:47.767405987 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:47.767559052 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:47.827353954 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:47.862744093 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:47.870424032 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:47.901398897 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:47.940917015 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.008342981 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.008390903 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.008414984 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.008440018 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.008457899 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.008549929 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.039361954 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039414883 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039447069 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039479971 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039510965 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039535999 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.039562941 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.039591074 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039625883 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039644957 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.039673090 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039693117 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.039716005 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.070477962 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070528030 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070560932 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070591927 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070611954 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.070647955 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.070662975 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070710897 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070744038 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070763111 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.070792913 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070822954 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070846081 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.070871115 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070900917 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070930004 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.070946932 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070977926 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.070992947 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.071024895 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.071055889 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.071072102 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.071110010 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.071134090 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.071157932 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.101938009 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.101994038 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102029085 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102062941 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102088928 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102108955 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102138042 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102170944 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102202892 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102217913 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102250099 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102284908 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102299929 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102332115 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102365017 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102380991 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102412939 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102444887 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102458954 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102490902 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102523088 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102535963 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102566957 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102601051 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102615118 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102647066 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102678061 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102706909 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102745056 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102777958 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102792978 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102823973 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102859020 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102873087 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102904081 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102936983 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.102951050 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.102979898 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.103013039 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.103039980 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.103064060 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.103099108 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.103112936 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.103143930 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.103178978 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.103193045 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.103225946 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.103254080 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.103295088 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134094954 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134149075 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134201050 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134229898 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134258032 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134288073 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134311914 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134329081 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134354115 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134380102 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134392977 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134413004 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134424925 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134445906 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134469986 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134496927 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134505033 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134527922 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134552002 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134576082 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134603024 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134612083 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134635925 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134660006 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134670973 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134712934 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134721994 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134746075 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134773016 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134784937 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134807110 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134833097 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134849072 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134867907 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134891987 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134906054 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134927988 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134953976 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.134970903 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.134994984 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135024071 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135036945 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135061979 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135087967 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135103941 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135126114 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135152102 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135169029 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135191917 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135219097 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135234118 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135261059 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135287046 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135299921 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135324001 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135349035 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135363102 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135386944 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135413885 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135431051 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135453939 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135473967 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135505915 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135514975 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135540962 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135570049 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135581017 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135606050 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135632992 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135649920 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135673046 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135699034 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135713100 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.135739088 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135759115 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.135780096 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.166529894 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166575909 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166605949 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166639090 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.166660070 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166688919 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166712999 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.166743994 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166774035 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166788101 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.166816950 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166846037 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166858912 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.166883945 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166914940 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166929007 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.166955948 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166985035 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.166996956 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167025089 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167052031 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167068958 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167095900 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167124033 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167150974 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167165041 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167195082 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167207003 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167233944 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167263985 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167277098 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167303085 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167324066 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167340994 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167363882 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167392969 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167421103 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167433977 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167460918 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167490005 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167501926 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167530060 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167557955 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167572975 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167599916 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167627096 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167649031 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167670012 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167696953 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167709112 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167736053 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167764902 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167776108 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167803049 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167829990 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167843103 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167870045 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167897940 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167910099 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.167937994 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167964935 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.167978048 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.168004990 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168030977 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168042898 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.168071032 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168098927 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168109894 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.168137074 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168164968 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168176889 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.168204069 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168232918 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168246984 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.168275118 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168296099 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.168325901 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199083090 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199136972 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199173927 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199214935 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199229002 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199269056 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199280977 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199316025 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199348927 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199363947 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199398994 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199433088 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199448109 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199481010 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199512959 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199526072 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199558020 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199590921 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199604988 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199635983 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199667931 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199681997 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199713945 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199745893 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199759007 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199790955 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199824095 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199836969 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199868917 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199901104 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199914932 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.199949026 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199980974 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.199995041 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200026989 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200052977 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200071096 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200099945 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200133085 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200165987 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200180054 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200212002 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200244904 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200261116 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200294018 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200326920 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200340033 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200371981 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200403929 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200417995 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200449944 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200484037 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200498104 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200530052 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200562954 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200577021 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200608969 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200643063 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200656891 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200690031 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200722933 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200737000 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200768948 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200800896 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200815916 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200845957 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200877905 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200892925 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.200925112 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200958014 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.200972080 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.201004982 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.201039076 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.201051950 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.201082945 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.201107979 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.201139927 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.231919050 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.231970072 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232001066 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232029915 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232054949 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232081890 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232095957 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232125044 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232155085 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232187033 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232197046 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232223988 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232239008 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232264996 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232292891 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232319117 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232335091 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232362032 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232378960 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232402086 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232429028 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232445002 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232470036 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232496977 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232512951 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232534885 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232566118 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232584953 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232610941 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232640028 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232665062 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232677937 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232707024 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232733011 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232744932 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232780933 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232795000 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232820988 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232847929 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232866049 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232886076 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232904911 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232927084 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.232944012 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232970953 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.232996941 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233021021 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233041048 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233072996 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233089924 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233110905 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233136892 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233166933 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233175993 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233201981 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233226061 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233241081 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233268023 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233298063 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233309031 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233333111 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233350992 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233372927 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233401060 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233416080 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233442068 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233469963 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233483076 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233513117 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233541012 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233555079 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233581066 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233608961 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233622074 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233649969 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233679056 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233690977 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233721018 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233750105 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233762980 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233791113 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233819962 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233834028 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233860970 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233886003 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233903885 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233927965 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233954906 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.233968019 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.233994961 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234020948 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234035969 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.234059095 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234082937 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234100103 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.234122992 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234143019 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234165907 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.234185934 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234213114 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234241962 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234257936 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.234287024 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234313011 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:48.234328985 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:48.274995089 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:49.032871962 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:49.115591049 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:49.576226950 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:49.662499905 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:49.726535082 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:49.775082111 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:49.805856943 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:49.853235006 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:49.899012089 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:49.990545988 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:49.991497993 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:50.022414923 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:50.031002045 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:50.061753988 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:50.103312016 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:50.149151087 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:50.240417004 CET136549697193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:50.266005039 CET496971365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.572204113 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.603163004 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:54.603359938 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.603925943 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.639153957 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:54.639393091 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.670752048 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:54.678293943 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.756184101 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:54.820167065 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:54.838155985 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.869065046 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:54.870429993 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.901550055 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:54.901712894 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:54.932792902 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:54.933054924 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:55.021900892 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:55.397469997 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:55.490571976 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:56.401741982 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:41:56.490575075 CET136549698193.31.30.138192.168.2.4
              Feb 3, 2023 21:41:57.439903021 CET496981365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:02.255083084 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:02.286102057 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:02.286319017 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:02.824734926 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:02.860481977 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:02.860693932 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:02.943676949 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:02.959978104 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:02.991097927 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:03.198146105 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:04.339978933 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:04.428359985 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:04.428514004 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:04.491585970 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:04.492743015 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:04.523662090 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:04.524384022 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:04.555497885 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:04.555651903 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:04.586618900 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:04.671721935 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:04.756334066 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:05.379551888 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:05.475102901 CET136549699193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:06.391372919 CET496991365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:10.636794090 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:10.667812109 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:10.667977095 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:10.668488026 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:10.704108953 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:10.704369068 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:10.735399008 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:10.743411064 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:10.834280968 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:10.898087025 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:10.905359030 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:10.936455965 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:10.980015993 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:11.011431932 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:11.058212042 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:11.090585947 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:11.111916065 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:11.142949104 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:11.143073082 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:11.174042940 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:11.214385986 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:11.372262001 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:11.459247112 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:11.459352970 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:11.553018093 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:12.402796030 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:12.490653038 CET136549700193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:13.403258085 CET497001365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.613204002 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.645677090 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:17.645850897 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.646311998 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.685669899 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:17.686028004 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.717006922 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:17.725805998 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.803133011 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:17.882441044 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:17.885376930 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.916316986 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:17.917105913 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.948009014 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:17.963359118 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:17.994447947 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:18.043147087 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:18.073919058 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:18.121278048 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:18.135416985 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:18.224920034 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:18.551672935 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:18.631131887 CET136549701193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:19.487859011 CET497011365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.576004982 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.607059956 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:23.607198000 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.607693911 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.643923044 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:23.644268036 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.675285101 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:23.695842028 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.771866083 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:23.851480961 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:23.852446079 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.883490086 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:23.884553909 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.915852070 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:23.916029930 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:23.947108984 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:23.947643995 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:24.037637949 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:24.557049036 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:24.631398916 CET136549702193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:25.544168949 CET497021365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:29.654349089 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:29.685379028 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:29.685834885 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:29.757191896 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:29.792634010 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:29.820123911 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:29.851188898 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:29.903496981 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:29.918083906 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:30.006405115 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:30.070058107 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:30.073559046 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:30.104561090 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:30.105635881 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:30.136858940 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:30.137042999 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:30.168355942 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:30.216078043 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:30.219989061 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:30.303252935 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:30.592772961 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:30.678215027 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:31.593254089 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:31.680002928 CET136549703193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:32.591954947 CET497031365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:36.848339081 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:36.879189968 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:36.879370928 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:37.208455086 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:37.244227886 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:37.244386911 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:37.334491968 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:37.334649086 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:37.365660906 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:37.466681004 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:37.720969915 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:37.803004980 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:37.866632938 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:37.945729017 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:37.976564884 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:38.169876099 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:38.630230904 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:38.661279917 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:38.779279947 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:38.823704004 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:38.854832888 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:38.854918003 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:38.943748951 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:39.375807047 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:39.459944963 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:39.610403061 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:39.693924904 CET136549705193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:40.770229101 CET497051365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:44.950391054 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:44.981395006 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:44.981524944 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.024995089 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.061966896 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:45.062256098 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.093363047 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:45.100178957 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.193794966 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:45.383218050 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:45.383955002 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.414808035 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:45.415616989 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.446645975 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:45.446796894 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.478030920 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:45.529827118 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.814055920 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:45.897147894 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:46.809122086 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:46.897017002 CET136549706193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:47.812233925 CET497061365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:51.966263056 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:51.997121096 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:51.997317076 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:51.998016119 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:52.032557964 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:52.032804966 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:52.063836098 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:52.092737913 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:52.177997112 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:52.241832018 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:52.276473999 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:52.307379007 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:52.332210064 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:52.363406897 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:52.390479088 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:52.421930075 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:52.422112942 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:52.508514881 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:52.867818117 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:52.959403038 CET136549707193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:53.843673944 CET497071365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.276490927 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.307044983 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:58.307146072 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.307564020 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.342555046 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:58.403773069 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.434678078 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:58.486360073 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.568644047 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:58.632142067 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:58.633281946 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.663929939 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:58.664789915 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.695657015 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:58.695863008 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.726449013 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:58.726533890 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:58.818489075 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:42:59.229875088 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:42:59.318603039 CET136549708193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:00.229242086 CET497081365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.293256998 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.326086998 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:04.326364040 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.327085018 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.362091064 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:04.362611055 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.395296097 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:04.410430908 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.506325006 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:04.570096970 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:04.571145058 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.602489948 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:04.603357077 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.636390924 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:04.636658907 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:04.671025991 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:04.719033003 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:05.491255999 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:05.584479094 CET136549709193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:06.393747091 CET497091365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:11.459127903 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:11.489985943 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:11.490123987 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:11.515161991 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:11.552366972 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:11.552719116 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:11.583764076 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:11.591692924 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:11.677882910 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:11.741770029 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:11.742842913 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:11.773528099 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:11.813318968 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:12.016936064 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:12.047766924 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:12.047854900 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:12.078658104 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:12.125842094 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:12.596266985 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:12.677968025 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:12.943458080 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:13.037517071 CET136549710193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:14.056340933 CET497101365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.427572012 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.458935976 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:18.459028959 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.528613091 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.564574957 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:18.648843050 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.679877043 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:18.679975986 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.771960020 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:18.772054911 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.865670919 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:18.913556099 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:18.914510012 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.945349932 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:18.950922012 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:18.982795000 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:18.983066082 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:19.014149904 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:19.095328093 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:19.733201027 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:19.818728924 CET136549711193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:20.659624100 CET497111365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:24.811140060 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:24.842093945 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:24.842971087 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:24.843544960 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:24.878223896 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:24.881372929 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:24.912734032 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:24.950601101 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:25.037575960 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:25.102250099 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:25.136759996 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:25.167587996 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:25.168443918 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:25.199424028 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:25.199665070 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:25.230731010 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:25.283341885 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:25.903398037 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:25.990760088 CET136549712193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:26.815490007 CET497121365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:30.877011061 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:30.907963991 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:30.908173084 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:30.908572912 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:30.945259094 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:30.945529938 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:30.976322889 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:30.988842964 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:31.084362984 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:31.132361889 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:31.133280993 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:31.164355993 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:31.166987896 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:31.198126078 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:31.198249102 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:31.229367018 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:31.232448101 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:31.318778038 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:31.846869946 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:31.928105116 CET136549713193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:32.949856997 CET497131365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:38.903167009 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:38.933950901 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:38.938786030 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:39.125194073 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:39.163254976 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:39.265285015 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:39.296240091 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:39.394825935 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:40.157280922 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:40.240691900 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:40.304877996 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:40.390732050 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:40.421603918 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:40.423907995 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:40.506197929 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:40.506556034 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:40.537390947 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:40.592924118 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:40.623580933 CET136549714193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:40.792923927 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:41.538283110 CET497141365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.046665907 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.077588081 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:46.077718019 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.078303099 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.113476992 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:46.133652925 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.164681911 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:46.174931049 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.259793997 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:46.321863890 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:46.322873116 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.353827000 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:46.354912043 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.385914087 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:46.386068106 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.417186975 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:46.417371988 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:46.506045103 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:47.109781981 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:47.193788052 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:47.256901979 CET136549715193.31.30.138192.168.2.4
              Feb 3, 2023 21:43:47.301632881 CET497151365192.168.2.4193.31.30.138
              Feb 3, 2023 21:43:48.036655903 CET497151365192.168.2.4193.31.30.138

              UDP Packets

              TimestampSource PortDest PortSource IPDest IP
              Feb 3, 2023 21:41:47.617677927 CET6110553192.168.2.48.8.8.8
              Feb 3, 2023 21:41:47.726037979 CET53611058.8.8.8192.168.2.4
              Feb 3, 2023 21:41:54.462160110 CET5657253192.168.2.48.8.8.8
              Feb 3, 2023 21:41:54.570615053 CET53565728.8.8.8192.168.2.4
              Feb 3, 2023 21:42:02.165841103 CET5091153192.168.2.48.8.8.8
              Feb 3, 2023 21:42:02.185260057 CET53509118.8.8.8192.168.2.4
              Feb 3, 2023 21:42:10.527328968 CET5968353192.168.2.48.8.8.8
              Feb 3, 2023 21:42:10.635206938 CET53596838.8.8.8192.168.2.4
              Feb 3, 2023 21:42:17.503186941 CET6416753192.168.2.48.8.8.8
              Feb 3, 2023 21:42:17.612194061 CET53641678.8.8.8192.168.2.4
              Feb 3, 2023 21:42:23.556287050 CET5856553192.168.2.48.8.8.8
              Feb 3, 2023 21:42:23.573895931 CET53585658.8.8.8192.168.2.4
              Feb 3, 2023 21:42:29.631659985 CET5223953192.168.2.48.8.8.8
              Feb 3, 2023 21:42:29.651169062 CET53522398.8.8.8192.168.2.4
              Feb 3, 2023 21:42:36.714261055 CET6100753192.168.2.48.8.8.8
              Feb 3, 2023 21:42:36.822813034 CET53610078.8.8.8192.168.2.4
              Feb 3, 2023 21:42:44.822813034 CET6068653192.168.2.48.8.8.8
              Feb 3, 2023 21:42:44.933650970 CET53606868.8.8.8192.168.2.4
              Feb 3, 2023 21:42:51.855578899 CET6112453192.168.2.48.8.8.8
              Feb 3, 2023 21:42:51.965101004 CET53611248.8.8.8192.168.2.4
              Feb 3, 2023 21:42:58.257174015 CET5944453192.168.2.48.8.8.8
              Feb 3, 2023 21:42:58.274904966 CET53594448.8.8.8192.168.2.4
              Feb 3, 2023 21:43:04.272181988 CET5557053192.168.2.48.8.8.8
              Feb 3, 2023 21:43:04.290086985 CET53555708.8.8.8192.168.2.4
              Feb 3, 2023 21:43:11.236901045 CET6490653192.168.2.48.8.8.8
              Feb 3, 2023 21:43:11.344033957 CET53649068.8.8.8192.168.2.4
              Feb 3, 2023 21:43:18.225169897 CET5944653192.168.2.48.8.8.8
              Feb 3, 2023 21:43:18.331922054 CET53594468.8.8.8192.168.2.4
              Feb 3, 2023 21:43:24.699109077 CET5086153192.168.2.48.8.8.8
              Feb 3, 2023 21:43:24.808834076 CET53508618.8.8.8192.168.2.4
              Feb 3, 2023 21:43:30.858347893 CET6108853192.168.2.48.8.8.8
              Feb 3, 2023 21:43:30.875803947 CET53610888.8.8.8192.168.2.4
              Feb 3, 2023 21:43:38.119927883 CET5872953192.168.2.48.8.8.8
              Feb 3, 2023 21:43:38.140450001 CET53587298.8.8.8192.168.2.4
              Feb 3, 2023 21:43:45.889375925 CET6470053192.168.2.48.8.8.8
              Feb 3, 2023 21:43:45.998934984 CET53647008.8.8.8192.168.2.4

              DNS Queries

              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
              Feb 3, 2023 21:41:47.617677927 CET192.168.2.48.8.8.80x8d6bStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:41:54.462160110 CET192.168.2.48.8.8.80x749fStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:02.165841103 CET192.168.2.48.8.8.80xf42aStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:10.527328968 CET192.168.2.48.8.8.80xab67Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:17.503186941 CET192.168.2.48.8.8.80x86c1Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:23.556287050 CET192.168.2.48.8.8.80x32fStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:29.631659985 CET192.168.2.48.8.8.80xdc17Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:36.714261055 CET192.168.2.48.8.8.80x9ccdStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:44.822813034 CET192.168.2.48.8.8.80x692aStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:51.855578899 CET192.168.2.48.8.8.80x7413Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:58.257174015 CET192.168.2.48.8.8.80xbf29Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:04.272181988 CET192.168.2.48.8.8.80xe458Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:11.236901045 CET192.168.2.48.8.8.80x95beStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:18.225169897 CET192.168.2.48.8.8.80x830Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:24.699109077 CET192.168.2.48.8.8.80x633dStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:30.858347893 CET192.168.2.48.8.8.80xab63Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:38.119927883 CET192.168.2.48.8.8.80x1186Standard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:45.889375925 CET192.168.2.48.8.8.80x929aStandard query (0)thesopranos.duckdns.orgA (IP address)IN (0x0001)false

              DNS Answers

              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
              Feb 3, 2023 21:41:47.726037979 CET8.8.8.8192.168.2.40x8d6bNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:41:54.570615053 CET8.8.8.8192.168.2.40x749fNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:02.185260057 CET8.8.8.8192.168.2.40xf42aNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:10.635206938 CET8.8.8.8192.168.2.40xab67No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:17.612194061 CET8.8.8.8192.168.2.40x86c1No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:23.573895931 CET8.8.8.8192.168.2.40x32fNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:29.651169062 CET8.8.8.8192.168.2.40xdc17No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:36.822813034 CET8.8.8.8192.168.2.40x9ccdNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:44.933650970 CET8.8.8.8192.168.2.40x692aNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:51.965101004 CET8.8.8.8192.168.2.40x7413No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:42:58.274904966 CET8.8.8.8192.168.2.40xbf29No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:04.290086985 CET8.8.8.8192.168.2.40xe458No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:11.344033957 CET8.8.8.8192.168.2.40x95beNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:18.331922054 CET8.8.8.8192.168.2.40x830No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:24.808834076 CET8.8.8.8192.168.2.40x633dNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:30.875803947 CET8.8.8.8192.168.2.40xab63No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:38.140450001 CET8.8.8.8192.168.2.40x1186No error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false
              Feb 3, 2023 21:43:45.998934984 CET8.8.8.8192.168.2.40x929aNo error (0)thesopranos.duckdns.org193.31.30.138A (IP address)IN (0x0001)false

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              System Behavior

              General

              Target ID:0
              Start time:21:41:44
              Start date:03/02/2023
              Path:C:\Users\user\Desktop\y5S5mjkeeT.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\Desktop\y5S5mjkeeT.exe
              Imagebase:0x400000
              File size:287232 bytes
              MD5 hash:373DFD91476CA6648BEEB235D30CF54F
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:.Net C# or VB.NET
              Yara matches:
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591400044.0000000006700000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.584289317.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
              • Rule: NanoCore, Description: unknown, Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000000.308497709.0000000000417000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.588584381.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.577068847.0000000002370000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.590600725.00000000064E0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.584289317.00000000036F3000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.588659937.0000000005750000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.590898245.0000000006670000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591085546.00000000066A0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591269043.00000000066E0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.584289317.0000000003423000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000003.315773906.00000000058A0000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
              • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.575470850.0000000000791000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591123017.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591723771.0000000006750000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591453188.0000000006710000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591032122.0000000006690000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591217464.00000000066D0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: MALWARE_Win_NanoCore, Description: Detects NanoCore, Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.591156955.00000000066C0000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.584289317.0000000003474000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
              • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth (Nextron Systems)
              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
              • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.587124164.0000000004872000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
              • Rule: Windows_Trojan_Nanocore_d8c4e3c5, Description: unknown, Source: 00000000.00000002.577636560.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
              Reputation:low

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:5.7%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:0%
                Total number of Nodes:11
                Total number of Limit Nodes:2
                execution_graph 686 5c10968 688 5c10978 686->688 687 5c109b2 688->687 690 5c10c78 688->690 691 5c10ccf 690->691 693 5c10c88 690->693 695 5c10d50 691->695 692 5c10cdc 692->687 693->687 696 5c10da3 695->696 697 5c10e0f GetCurrentThreadId 696->697 698 5c10ddf 696->698 697->698

                Callgraph

                Executed Functions

                Function 05C10D50 Relevance: 1.6, APIs: 1, Instructions: 91threadCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 0 5c10d50-5c10dbc 4 5c10dc9-5c10ddd 0->4 5 5c10dbe-5c10dc7 0->5 11 5c10df9-5c10e03 4->11 12 5c10ddf-5c10df7 4->12 8 5c10e05-5c10e07 5->8 10 5c10e0f-5c10e3d GetCurrentThreadId 8->10 13 5c10e46-5c10e6b 10->13 14 5c10e3f-5c10e45 10->14 11->8 15 5c10e6d-5c10e71 12->15 13->15 14->13 17 5c10e73 15->17 18 5c10e7c 15->18 17->18
                APIs
                • GetCurrentThreadId.KERNEL32 ref: 05C10E29
                Memory Dump Source
                • Source File: 00000000.00000002.590008948.0000000005C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C00000, based on PE: true
                • Associated: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5c00000_y5S5mjkeeT.jbxd
                Yara matches
                Similarity
                • API ID: CurrentThread
                • String ID:
                • API String ID: 2882836952-0
                • Opcode ID: da5ec0f4a471d66411bf486afcaca5fb1fd7f9d0dc7842723e8f4b1ca8feddb3
                • Instruction ID: 4bca2ce93c7256c870c98178a1150d397b3b31f47ca1a7c67e5f328197deaa60
                • Opcode Fuzzy Hash: da5ec0f4a471d66411bf486afcaca5fb1fd7f9d0dc7842723e8f4b1ca8feddb3
                • Instruction Fuzzy Hash: BE316F74E00218DFCB24DF6AD448BADBBF5AF49714F14886AE805B7350CB745885CF95
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Function 05C002B0 Relevance: 1.3, Instructions: 1300COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 135 5c002b0-5c00372 136 5c00374 135->136 137 5c00376-5c0061a 135->137 136->137 147 5c00623-5c006b6 137->147 148 5c0061c-5c00621 137->148 150 5c006f6-5c00701 147->150 151 5c006b8-5c006c4 147->151 148->147 152 5c00703 150->152 151->152 155 5c006c6-5c006d8 151->155 154 5c00708-5c007cb 152->154 162 5c00806-5c009ed 154->162 163 5c007cd-5c00800 154->163 155->154 159 5c006da-5c006f3 155->159 159->150 170 5c009f0-5c009ff 162->170 171 5c00a01-5c00a0a 162->171 163->162 170->171 172 5c00a0c-5c00a1b 171->172 173 5c00a1e-5c00aa0 171->173 172->173 177 5c00aa2-5c00abf 173->177 178 5c00b1f-5c00b32 173->178 181 5c00ad0-5c00ad2 177->181 182 5c00ac1-5c00ace 177->182 179 5c00b34-5c00b43 178->179 180 5c00b46-5c00c8d call 5c024ee 178->180 179->180 189 5c00c99-5c00cad 180->189 190 5c00c8f-5c00c98 180->190 182->181 192 5c00cae 189->192 191 5c00c9a-5c00cb9 190->191 190->192 195 5c00cc5-5c00cd9 191->195 196 5c00cbb-5c00cbf 191->196 193 5c00cb0-5c00cb9 192->193 194 5c00cc4 192->194 193->195 193->196 197 5c00cda-5c00cde 194->197 198 5c00cc6-5c00cde 194->198 195->197 196->194 199 5c00cf5-5c00d05 197->199 200 5c00cdf-5c00cf4 197->200 198->199 201 5c00ce0-5c00d05 198->201 202 5c00d07-5c00d95 199->202 200->199 201->202 204 5c00d97-5c00dac 202->204 205 5c00dae-5c00de1 202->205 204->205
                Memory Dump Source
                • Source File: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, Offset: 05C00000, based on PE: true
                • Associated: 00000000.00000002.590008948.0000000005C10000.00000040.00000800.00020000.00000000.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5c00000_y5S5mjkeeT.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 416e57209f7044292ff9a8481d89f3cb63053b575111480f415a2b5512ee419a
                • Instruction ID: 091474abf5cef500480bcd6b8c52ffdab860ade65bff8a3d8bfc8ec669308db1
                • Opcode Fuzzy Hash: 416e57209f7044292ff9a8481d89f3cb63053b575111480f415a2b5512ee419a
                • Instruction Fuzzy Hash: D6B21D6280E3D28FCB138B788CB96917FB0AE5721471F49DBC4C0DF0A7E518695AD762
                Uniqueness

                Uniqueness Score: -1.00%

                Function 05C002AD Relevance: .9, Instructions: 884COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 207 5c002ad-5c00372 208 5c00374 207->208 209 5c00376-5c0061a 207->209 208->209 219 5c00623-5c006b6 209->219 220 5c0061c-5c00621 209->220 222 5c006f6-5c00701 219->222 223 5c006b8-5c006c4 219->223 220->219 224 5c00703 222->224 223->224 227 5c006c6-5c006d8 223->227 226 5c00708-5c007cb 224->226 234 5c00806-5c009ed 226->234 235 5c007cd-5c00800 226->235 227->226 231 5c006da-5c006f3 227->231 231->222 242 5c009f0-5c009ff 234->242 243 5c00a01-5c00a0a 234->243 235->234 242->243 244 5c00a0c-5c00a1b 243->244 245 5c00a1e-5c00aa0 243->245 244->245 249 5c00aa2-5c00abf 245->249 250 5c00b1f-5c00b32 245->250 253 5c00ad0-5c00ad2 249->253 254 5c00ac1-5c00ace 249->254 251 5c00b34-5c00b43 250->251 252 5c00b46-5c00c8d call 5c024ee 250->252 251->252 261 5c00c99-5c00cad 252->261 262 5c00c8f-5c00c98 252->262 254->253 264 5c00cae 261->264 263 5c00c9a-5c00cb9 262->263 262->264 267 5c00cc5-5c00cd9 263->267 268 5c00cbb-5c00cbf 263->268 265 5c00cb0-5c00cb9 264->265 266 5c00cc4 264->266 265->267 265->268 269 5c00cda-5c00cde 266->269 270 5c00cc6-5c00cde 266->270 267->269 268->266 271 5c00cf5-5c00d05 269->271 272 5c00cdf-5c00cf4 269->272 270->271 273 5c00ce0-5c00d05 270->273 274 5c00d07-5c00d95 271->274 272->271 273->274 276 5c00d97-5c00dac 274->276 277 5c00dae-5c00de1 274->277 276->277
                Memory Dump Source
                • Source File: 00000000.00000002.589932608.0000000005C00000.00000004.08000000.00040000.00000000.sdmp, Offset: 05C00000, based on PE: true
                • Associated: 00000000.00000002.590008948.0000000005C10000.00000040.00000800.00020000.00000000.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5c00000_y5S5mjkeeT.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 24b57acea8cfdf06341b9238f76ecc00a108207cdd41fbda8fca8b4526a10407
                • Instruction ID: ad2ab3d2d959ac0d619aa5b8a6530d1e5acae0ca41168c24e9a80ecf9795b086
                • Opcode Fuzzy Hash: 24b57acea8cfdf06341b9238f76ecc00a108207cdd41fbda8fca8b4526a10407
                • Instruction Fuzzy Hash: DF72FB6240E3D28FCB134B788CB96917FB09E6721471F4ACBC4C0DF4A7E528695AD762
                Uniqueness

                Uniqueness Score: -1.00%