Source: MSBuild.exe, 00000003.00000002.1523018849.0000000002941000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1523018849.000000000298A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1523018849.0000000002BBA000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1521055612.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com/api/v9/users/ |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1487067677.00000000008A7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://investdirectinsurance.com/ |
Source: Ycj3d5NMhc.exe |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Victim_SID.bd |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1487067677.0000000000857000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Victim_SID.bd4 |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1487067677.0000000000857000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Victim_SID.bdP |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1487067677.0000000000857000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Victim_SID.bdj |
Source: Ycj3d5NMhc.exe |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Zopi.bd |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490876841.000000001B618000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://investdirectinsurance.com/m |
Source: MSBuild.exe, 00000003.00000002.1523018849.0000000002941000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1523018849.0000000002941000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1521055612.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/json |
Source: MSBuild.exe, 00000003.00000002.1523018849.000000000298A000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1523018849.0000000002986000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1523018849.0000000002AA9000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/missingauth |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1525299232.0000000003BF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
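The string hits above mix three very different kinds of indicator, and a triage script should keep them apart: the investdirectinsurance.com paths are the only attacker infrastructure in the list; ipinfo.io and discord.com are legitimate services that stealers use for geolocation and token validation (behavioural signal, not blockable C2); the ecosia, duckduckgo, yahoo and google URLs match Chromium's prepopulated search-engine definitions and only show that the payload embeds browser-profile parsing code; and the schemas.xmlsoap.org claim URI is the .NET ClaimTypes.Name constant found in many managed binaries. Note also that the scanner reads past unterminated strings, which is why Victim_SID.bd appears again as .bd4, .bdP and .bdj, and why two ecosia URLs are run together on one line. The following is an added example, not part of the Joe Sandbox report: it parses the two-line records exactly as shown above (a constructed subset is embedded), splits concatenated URLs, folds the trailing-byte variants into one indicator and buckets the result. The domain lists are assumptions to tune, and the reading of the fifth dotted field of a .sdmp name as the region's page protection (0x40 = PAGE_EXECUTE_READWRITE) is an assumption about Joe Sandbox's dump naming.

```python
"""Triage the report's 'String found in binary or memory' records.

Added example, not part of the original report. Parses the two-line
'Source: ... |' / 'String found in binary or memory: ... |' records, splits
strings the memory scan concatenated, folds trailing-byte variants of one
URL (Victim_SID.bd / .bd4 / .bdP) into a single indicator and sorts the
result into three buckets. Assumed: the domain lists below, and that the
fifth dotted field of a .sdmp name is the dumped region's page protection.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

PAGE_EXECUTE_READWRITE = 0x40  # Win32 constant; its field position in the name is an assumption

# Chromium's built-in search-provider definitions: they show the sample embeds
# browser-profile parsing code, not that these hosts are attacker infrastructure.
BROWSER_SEARCH_DOMAINS = {"duckduckgo.com", "ecosia.org", "search.yahoo.com", "google.com"}
# Legitimate services stealers use for geolocation and token validation.
PUBLIC_SERVICES = {"ipinfo.io", "discord.com"}

# Constructed sample: seven records copied verbatim from the report above.
SAMPLE = """\
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.1521055612.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com/api/v9/users/ |
Source: Ycj3d5NMhc.exe |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Victim_SID.bd |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1487067677.0000000000857000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Victim_SID.bd4 |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1487067677.0000000000857000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Victim_SID.bdP |
Source: Ycj3d5NMhc.exe |
String found in binary or memory: https://investdirectinsurance.com/assuence/litesolidCha/Zopi.bd |
Source: MSBuild.exe, 00000003.00000002.1523018849.0000000002941000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://ipinfo.io/json |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
"""

RECORD_RE = re.compile(r"^Source: (.*?) \|[ \t]*\n^String found in binary or memory: (.*?) \|", re.M)

def parse_sources(field):
    """'proc, dump, proc, dump' -> [(proc, dump_or_None)]; a bare process name
    means the string was found in the file on disk rather than in a memory dump."""
    out, proc, has_dump = [], None, False
    for tok in field.split(", "):
        if tok.endswith(".sdmp"):
            out.append((proc, tok))
            has_dump = True
        else:
            if proc and not has_dump:
                out.append((proc, None))
            proc, has_dump = tok, False
    if proc and not has_dump:
        out.append((proc, None))
    return out

def dump_protect(dump_name):
    """Page protection encoded in the .sdmp file name (assumed field layout)."""
    return int(dump_name.split(".")[4], 16)

def split_urls(blob):
    """The scan runs adjacent strings together; cut before every scheme."""
    return [p for p in re.split(r"(?=https?://)", blob) if p.startswith("http")]

def collapse_truncations(urls, slack=2):
    """Fold URLs that extend a shorter observed URL by <= `slack` characters
    into it: the scanner read past an unterminated string into the next bytes."""
    canon = {}
    for u in sorted(urls, key=len):
        base = next((c for c in canon if u.startswith(c) and 0 < len(u) - len(c) <= slack), None)
        canon.setdefault(base or u, set()).add(u)
    return canon

def classify(url):
    host = (urlsplit(url).hostname or "").lower()
    under = lambda doms: any(host == d or host.endswith("." + d) for d in doms)
    if under(BROWSER_SEARCH_DOMAINS):
        return "browser-search-provider"
    if under(PUBLIC_SERVICES):
        return "public-service"
    return "candidate-c2"

def triage(report_text):
    sources_by_url = defaultdict(set)
    for m in RECORD_RE.finditer(report_text):
        for url in split_urls(m.group(2)):
            sources_by_url[url].update(parse_sources(m.group(1)))
    result = defaultdict(dict)
    for canon, variants in collapse_truncations(sources_by_url).items():
        srcs = set().union(*(sources_by_url[v] for v in variants))
        result[classify(canon)][canon] = {
            "variants": sorted(variants),
            "processes": sorted({p for p, _ in srcs}),
            # a string living in an RWX region belongs to the injected payload, not the host binary
            "in_rwx_region": any(d is not None and dump_protect(d) == PAGE_EXECUTE_READWRITE for _, d in srcs),
        }
    return dict(result)

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        for url, info in entries.items():
            print(f"{bucket:24} {url}  procs={info['processes']} rwx={info['in_rwx_region']}")
```

On the sample the discord.com string is the only one that lands in both processes and in MSBuild's 0x402000 RWX region, which is what you would expect if the stealer was injected there; the browser-search bucket is noise for blocking purposes but worth keeping as evidence of browser-data harvesting.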
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EBA92A |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EBC2B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EBE4F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EB26F2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EBD6D0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EB1FF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EB8FF7 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EB9782 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EBE061 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EBE070 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EBE4E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_00EBD6C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_05923F50 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_05926868 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_0592CBC8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_05926FF8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_05926FE8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_05999430 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_05995868 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_05997AB0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_0599EAE8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DD598 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D55F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D24B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D3CF2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D7F48 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DBE88 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D06F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D5E20 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D2E5F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D8E52 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DF8C0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D58C2 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D9B28 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DB320 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D4348 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D8A8F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D0D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DD589 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D24A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059D06E0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DA640 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DBE78 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DC19F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 3_2_059DD378 |
Source: unknown |
Process created: C:\Users\user\Desktop\Ycj3d5NMhc.exe "C:\Users\user\Desktop\Ycj3d5NMhc.exe" |
|
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process created: C:\Windows\SysWOW64\wbem\WMIC.exe "wmic" csproduct get UUID |
|
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
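The process tree above is the detectable part of this sample: a .NET executable on the user's desktop starts MSBuild.exe with no arguments at all, and that MSBuild.exe then runs wmic csproduct get UUID. Neither step is something a build ever does; a loader that hollows a signed Microsoft binary launches it exactly like this, and the hardware UUID is the usual victim identifier and sandbox check. The conhost.exe children carry no signal, since every console-subsystem process gets one. The following is an added example, not part of the report: constructed Sysmon Event ID 1-like events that mirror the tree (PIDs, field names and the explorer.exe parent of Ycj3d5NMhc.exe are assumptions; the report lists its parent as unknown) plus one benign build for contrast, two rules, and a chaining pass that links the wmic alert to the MSBuild alert above it. The build-tool allowlist and project extensions are assumptions to tune per environment.

```python
"""Detection over process-creation events for the tree shown above.

Added example, not part of the original report. EVENTS is a constructed,
Sysmon Event ID 1-like rendering of the report's 'Process created' entries
(field names, PIDs and the explorer.exe parent are assumptions), plus one
benign build for contrast. Two rules run per event and a final pass marks
an alert whose parent also alerted as a chained finding.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


EVENTS = [
    ProcessEvent(1000, 900, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcessEvent(4000, 1000, r"C:\Users\user\Desktop\Ycj3d5NMhc.exe",
                 r'"C:\Users\user\Desktop\Ycj3d5NMhc.exe"'),
    ProcessEvent(4100, 4000, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
                 r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"'),
    ProcessEvent(4200, 4100, r"C:\Windows\System32\conhost.exe",
                 r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    ProcessEvent(4300, 4100, r"C:\Windows\SysWOW64\wbem\WMIC.exe", '"wmic" csproduct get UUID'),
    # Benign control (constructed): a developer build launched from Visual Studio.
    ProcessEvent(5000, 1000, r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe",
                 "devenv.exe"),
    ProcessEvent(5100, 5000, r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
                 r'MSBuild.exe "C:\src\app\app.csproj" /t:Build'),
]

# Parents that legitimately start MSBuild.exe (assumption; tune per environment).
BUILD_TOOL_PARENTS = {"devenv.exe", "dotnet.exe", "msbuild.exe", "vstest.console.exe"}
PROJECT_EXTS = (".csproj", ".vbproj", ".fsproj", ".proj", ".sln", ".targets", ".props")


def win_argv(cmdline):
    """Minimal Windows command-line split: whitespace-separated, double quotes
    group and are stripped. Backslash-escaping rules are deliberately omitted."""
    args, cur, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                args.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur))
    return args


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def rule_msbuild_no_project(ev, parent):
    """MSBuild.exe started with no project argument by a non-build-tool parent.
    Loaders that hollow MSBuild.exe launch it exactly like this; the inline-task
    variant (a .csproj/.targets on the command line) needs a separate rule."""
    if basename(ev.image) != "msbuild.exe":
        return None
    args = [a.lower() for a in win_argv(ev.cmdline)[1:]]
    if any(a.endswith(PROJECT_EXTS) for a in args) or any(a.startswith("/nodemode") for a in args):
        return None  # explicit project, or a worker node spawned by MSBuild itself
    parent_name = basename(parent.image) if parent else "<unknown>"
    if parent_name in BUILD_TOOL_PARENTS:
        return None
    reasons = [f"no project/solution argument; parent {parent_name}"]
    if parent and "\\users\\" in parent.image.lower():
        reasons.append("parent runs from a user-writable path")
    return reasons


def rule_wmic_hw_uuid(ev, parent):
    """'wmic csproduct get UUID': hardware UUID used as a victim identifier and
    to recognise sandboxes by their well-known UUIDs."""
    if basename(ev.image) != "wmic.exe":
        return None
    args = [a.lower() for a in win_argv(ev.cmdline)[1:]]
    if "csproduct" in args and "uuid" in args:
        return [f"hardware UUID query spawned by {basename(parent.image) if parent else '<unknown>'}"]
    return None


def detect(events):
    by_pid = {e.pid: e for e in events}
    alerts = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        for rule in (rule_msbuild_no_project, rule_wmic_hw_uuid):
            reasons = rule(ev, parent)
            if reasons:
                alerts.append({"rule": rule.__name__, "pid": ev.pid, "image": ev.image,
                               "parent": parent.image if parent else None, "reasons": reasons})
    flagged = {a["pid"] for a in alerts}
    for a in alerts:  # an alert under an already-alerting parent is one chain, not two singletons
        a["chained"] = by_pid[a["pid"]].ppid in flagged
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"[{a['rule']}] pid={a['pid']} chained={a['chained']} {a['image']}")
        print("    " + "; ".join(a["reasons"]))
```

Run against the constructed events this yields exactly two alerts, the MSBuild launch and the chained wmic query, and stays silent on the Visual Studio build because it names a .csproj and has an allowlisted parent. The rule deliberately ignores command lines with /nodemode, which MSBuild uses for its own worker nodes; tighten that only after checking how your build agents spawn them.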
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rasapi32.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rasman.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rtutils.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: secur32.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: schannel.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ntasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ncrypt.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: wsock32.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: vcruntime140.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: framedynos.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: msxml6.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: iertutil.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: netutils.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: vcruntime140.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: version.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: vbscript.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Process information set: NOOPENFILEERRORBOX (19 occurrences) |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX (59 occurrences) |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD6E4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD504 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7ADA04 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD6C4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7ADAA4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD0E4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD784 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD384 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD424 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AE654 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD304 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD924 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD244 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD2E4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD7A4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD664 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD944 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD744 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD324 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AF3F4 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AF314 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD544 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
API/Special instruction interceptor: Address: 7FFBCB7AD1A4 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: ms.portal.azure.comVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: discord.comVMware20,11696494690f |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: AMC password management pageVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office.comVMware20,11696494690s |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.comVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: netportal.hdfcbank.comVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: interactivebrokers.co.inVMware20,11696494690d |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: account.microsoft.com/profileVMware20,11696494690u |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: outlook.office365.comVMware20,11696494690t |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1487067677.0000000000857000.00000004.00000020.00020000.00000000.sdmp, Ycj3d5NMhc.exe, 00000000.00000002.1490876841.000000001B618000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.comVMware20,11696494690} |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^ |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1530669703.0000000006FC0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: tasks.office.comVMware20,11696494690o |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~ |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1521409264.0000000000C07000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllo |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: dev.azure.comVMware20,11696494690j |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: global block list test formVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: turbotax.intuit.comVMware20,11696494690t |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: bankofamerica.comVMware20,11696494690x |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696494690} |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - HKVMware20,11696494690] |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Canara Transaction PasswordVMware20,11696494690x |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690 |
Source: MSBuild.exe, 00000003.00000002.1525299232.0000000003C39000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: secure.bankofamerica.comVMware20,11696494690|UE |
Source: Ycj3d5NMhc.exe, ThemeManager.cs |
Reference to suspicious API methods: Application.Current.TryFindResource((object)new ComponentResourceKey(typeof(NavigationPane), (object)"ActiveTheme")) |
Source: 0.2.Ycj3d5NMhc.exe.12689ac0.2.raw.unpack, ParentProcessUtil.cs |
Reference to suspicious API methods: NativeMethods.OpenProcess(PROCESS_QUERY_INFORMATION, bInheritHandle: false, (uint)id) |
Source: 0.2.Ycj3d5NMhc.exe.12689ac0.2.raw.unpack, FireFoxDecryptor.cs |
Reference to suspicious API methods: KernelLoadLibrary64(GeckoResourcePath + "nss3.dll") |
Source: 0.2.Ycj3d5NMhc.exe.12689ac0.2.raw.unpack, FireFoxDecryptor.cs |
Reference to suspicious API methods: HeavensGate.GetProcAddress64(NSS3, "NSS_Init") |
Source: 0.2.Ycj3d5NMhc.exe.12689ac0.2.raw.unpack, FireFoxDecryptor.cs |
Reference to suspicious API methods: HeavensGate.GetProcAddress64(num, "VirtualProtectEx") |
Source: 0.2.Ycj3d5NMhc.exe.12689ac0.2.raw.unpack, FireFoxDecryptor.cs |
Reference to suspicious API methods: HeavensGate.GetProcAddress64(num, "WriteProcessMemory") |
Source: 0.2.Ycj3d5NMhc.exe.12689ac0.2.raw.unpack, HeavensGateProcessor.cs |
Reference to suspicious API methods: NativeMethods.ReadProcessMemory(lpTargetHandle, (uint)processParameters, intPtr, (uint)Marshal.SizeOf(typeof(ulong)), ref lpNumberOfBytesRead) |
Source: C:\Users\user\Desktop\Ycj3d5NMhc.exe |
Queries volume information: C:\Users\user\Desktop\Ycj3d5NMhc.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: ElectrumLTC_config_file |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: ElectronCash_config_file |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: Jaxx LibertyAaiaifbiceejhhkfbjdgonjgljkpcdhch |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: Exodus_directory |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: Ethereum_directory |
Source: Ycj3d5NMhc.exe, 00000000.00000002.1490044573.0000000012689000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: keystore |
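The API references above (nss3.dll and NSS_Init resolved through a 64-bit gate, VirtualProtectEx / WriteProcessMemory / ReadProcessMemory) and the wallet and service strings (ElectrumLTC_config_file, Exodus_directory, keystore, the discord.com/api/v9/users/ endpoint, the saved-login site names) are exactly the kind of indicators an analyst wants to match automatically against the strings a sandbox pulls from process memory. The script below is an added example, not part of this report or of the analysed sample: it groups a constructed list of strings (copied from the entries on this page) into indicator categories and derives a verdict. The category names, the regexes, the weighting in the verdict, and the treatment of the constant "VMware20,<digits>" suffix as a marker of one harvested saved-login record set are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Indicator categories. Assumed for this example; the patterns are taken from
# the API references and memory strings reported above, not from a vendor ruleset.
INDICATORS = {
    # Firefox/Gecko credential decryption: the stealer loads Mozilla's NSS
    # library and resolves NSS_Init to unlock the profile's password store.
    "firefox_nss_decrypt": [r"\bnss3\.dll\b", r"\bNSS_Init\b"],
    # WoW64 -> 64-bit transition helpers (Heaven's Gate) used to reach 64-bit APIs
    # from a 32-bit process, as named in the decompiled FireFoxDecryptor.cs.
    "wow64_heavens_gate": [r"\bHeavensGate\b", r"\bGetProcAddress64\b", r"\bKernelLoadLibrary64\b"],
    # Cross-process memory access primitives typical of injection / PEB reading.
    "process_injection": [r"\bVirtualProtectEx\b", r"\bWriteProcessMemory\b",
                          r"\bReadProcessMemory\b", r"\bOpenProcess\b"],
    # Cryptocurrency wallet artefacts (config file / data directory names).
    "crypto_wallet": [r"_config_file\b", r"_directory\b", r"\bkeystore\b", r"Jaxx Liberty"],
    # Discord user endpoint, consistent with token validation/harvesting.
    "discord_token_check": [r"discord\.com/api/v\d+/users/"],
    # Site names followed by a constant "VMware20,<digits>" suffix. Assumption:
    # treated here as one set of saved-login records read from a browser profile.
    "browser_saved_logins": [r"VMware20,\d+"],
}

# Categories whose co-occurrence points at credential theft rather than, say,
# a packer that merely does process injection.
CREDENTIAL_THEFT = {"firefox_nss_decrypt", "crypto_wallet",
                    "discord_token_check", "browser_saved_logins"}

COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in INDICATORS.items()}


def classify_strings(strings):
    """Map each indicator category to the input strings that matched it.

    A string may land in more than one category (e.g. a HeavensGate call that
    resolves NSS_Init). Categories with no hits are omitted from the result."""
    hits = defaultdict(list)
    for s in strings:
        for cat, patterns in COMPILED.items():
            if any(p.search(s) for p in patterns):
                hits[cat].append(s)
    return dict(hits)


def verdict(hits):
    """Derive a coarse triage verdict from the matched categories."""
    cats = set(hits)
    theft = len(cats & CREDENTIAL_THEFT)
    if theft >= 2:
        return "likely infostealer"
    if cats:
        return "suspicious"
    return "no indicators"


# Constructed sample input: strings copied from the report entries above.
SAMPLE_STRINGS = [
    'KernelLoadLibrary64(GeckoResourcePath + "nss3.dll")',
    'HeavensGate.GetProcAddress64(NSS3, "NSS_Init")',
    'HeavensGate.GetProcAddress64(num, "WriteProcessMemory")',
    'NativeMethods.ReadProcessMemory(lpTargetHandle, (uint)processParameters, intPtr, 8, ref lpNumberOfBytesRead)',
    "ElectrumLTC_config_file",
    "Exodus_directory",
    "keystore",
    "https://discord.com/api/v9/users/",
    "secure.bankofamerica.comVMware20,11696494690|UE",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",  # benign .NET claim URI
]


def summarize(strings):
    """Return (verdict, {category: hit_count}) for a list of extracted strings."""
    hits = classify_strings(strings)
    return verdict(hits), {cat: len(v) for cat, v in hits.items()}


if __name__ == "__main__":
    result, counts = summarize(SAMPLE_STRINGS)
    print(result)
    for cat, n in sorted(counts.items()):
        print(f"  {cat}: {n}")
```

Run it over the output of `strings` on a memory dump, one line per element, to get the same per-category breakdown; the regexes are deliberately narrow so that a single hit (the WPF call flagged in ThemeManager.cs, for instance) does not produce a verdict on its own.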