Source: |
Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\exe\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Accessibility.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdbCw? source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ni.pdbRSDS source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: oC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb$ source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.PDBs source: MSBuild.exe, 00000002.00000002.3246919937.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: n0C:\Windows\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb( source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.00000000010E8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\MSBuild.pdbpdbild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdbRSDS source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Xml.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: o.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Xml.ni.pdbRSDS# source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdbZE source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Microsoft.VisualBasic.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Core.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: %%.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Windows.Forms.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.3246919937.0000000001170000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.3246919937.0000000001163000.00000004.00000020.00020000.00000000.sdmp, WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Management.ni.pdbRSDSJ< source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Drawing.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.pdbH source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Management.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\symbols\exe\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Management.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbSx, source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Core.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: symbols\dll\mscorlib.pdbLb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.pdb' source: MSBuild.exe, 00000002.00000002.3246919937.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdbRSDScUN source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Core.ni.pdbRSDS source: WER24F5.tmp.dmp.9.dr |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.221.240 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 162.159.36.2 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 67.215.224.133 |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e23ff70.5.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e22a9e8.4.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e23ff70.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e22a9e8.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000002.00000002.3246247886.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000000.00000002.1693833580.000002544BC00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: 00000000.00000002.1694534154.000002544E000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects AsyncRAT Author: ditekSHen |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B980C50 |
0_2_00007FF78B980C50 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B97DFD0 |
0_2_00007FF78B97DFD0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B969340 |
0_2_00007FF78B969340 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B978200 |
0_2_00007FF78B978200 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B976190 |
0_2_00007FF78B976190 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B97D16A |
0_2_00007FF78B97D16A |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B978830 |
0_2_00007FF78B978830 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B971520 |
0_2_00007FF78B971520 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B974CD9 |
0_2_00007FF78B974CD9 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B985C20 |
0_2_00007FF78B985C20 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B987C79 |
0_2_00007FF78B987C79 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98BBA0 |
0_2_00007FF78B98BBA0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78BA17BA0 |
0_2_00007FF78BA17BA0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B97FB40 |
0_2_00007FF78B97FB40 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78BA12AC0 |
0_2_00007FF78BA12AC0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B994A40 |
0_2_00007FF78B994A40 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B966A50 |
0_2_00007FF78B966A50 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B956A50 |
0_2_00007FF78B956A50 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B979A50 |
0_2_00007FF78B979A50 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9899C3 |
0_2_00007FF78B9899C3 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B961A00 |
0_2_00007FF78B961A00 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98F960 |
0_2_00007FF78B98F960 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9680D0 |
0_2_00007FF78B9680D0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78BA200E0 |
0_2_00007FF78BA200E0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B96EFE0 |
0_2_00007FF78B96EFE0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B983F60 |
0_2_00007FF78B983F60 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98BEA0 |
0_2_00007FF78B98BEA0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B97FDD0 |
0_2_00007FF78B97FDD0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B972D30 |
0_2_00007FF78B972D30 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9744D0 |
0_2_00007FF78B9744D0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98B4F0 |
0_2_00007FF78B98B4F0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B97A420 |
0_2_00007FF78B97A420 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B959430 |
0_2_00007FF78B959430 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78BA03480 |
0_2_00007FF78BA03480 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B960470 |
0_2_00007FF78B960470 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B981470 |
0_2_00007FF78B981470 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9583C4 |
0_2_00007FF78B9583C4 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98D320 |
0_2_00007FF78B98D320 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B984390 |
0_2_00007FF78B984390 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B970360 |
0_2_00007FF78B970360 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B982370 |
0_2_00007FF78B982370 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9892CE |
0_2_00007FF78B9892CE |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9852E0 |
0_2_00007FF78B9852E0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78BA2E240 |
0_2_00007FF78BA2E240 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B958220 |
0_2_00007FF78B958220 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98F280 |
0_2_00007FF78B98F280 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9891B0 |
0_2_00007FF78B9891B0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B991200 |
0_2_00007FF78B991200 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B975200 |
0_2_00007FF78B975200 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98B180 |
0_2_00007FF78B98B180 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B96E8A0 |
0_2_00007FF78B96E8A0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B95A8B0 |
0_2_00007FF78B95A8B0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9B1910 |
0_2_00007FF78B9B1910 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9888D9 |
0_2_00007FF78B9888D9 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B97A850 |
0_2_00007FF78B97A850 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98A7B0 |
0_2_00007FF78B98A7B0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98C800 |
0_2_00007FF78B98C800 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9767F0 |
0_2_00007FF78B9767F0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B962750 |
0_2_00007FF78B962750 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B97B6B0 |
0_2_00007FF78B97B6B0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B973640 |
0_2_00007FF78B973640 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B9835C0 |
0_2_00007FF78B9835C0 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B976610 |
0_2_00007FF78B976610 |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Code function: 0_2_00007FF78B98E540 |
0_2_00007FF78B98E540 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Code function: 2_2_00FFEB98 |
2_2_00FFEB98 |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe |
Binary or memory string: OriginalFilename vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe, 00000000.00000002.1694534154.000002544EA00000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameSYSWIN32TaskStartPromise.dllR vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe, 00000000.00000002.1697528084.00007FF78BADF000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameSYSWIN32TaskStartPromise.dllR vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe, 00000000.00000002.1693833580.000002544BC00000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameSYSWIN32TaskStartPromise.dllR vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe, 00000000.00000002.1693833580.000002544BC00000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameXClient2.exe4 vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe, 00000000.00000002.1694534154.000002544E000000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameSYSWIN32TaskStartPromise.dllR vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe, 00000000.00000002.1694534154.000002544E000000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameXClient2.exe4 vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe, 00000000.00000002.1693833580.000002544BF88000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameSYSWIN32TaskStartPromise.dllR vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe |
Binary or memory string: OriginalFilenameSYSWIN32TaskStartPromise.dllR vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: rPROFORMAINVOICE-PO_ATS_1036.exe.0.dr |
Binary or memory string: OriginalFilenameSYSWIN32TaskStartPromise.dllR vs rPROFORMAINVOICE-PO_ATS_1036.exe |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e23ff70.5.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e22a9e8.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e23ff70.5.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e22a9e8.4.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000002.00000002.3246247886.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000000.00000002.1693833580.000002544BC00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: 00000000.00000002.1694534154.000002544E000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\rPROFORMAINVOICE-PO_ATS_1036.exe |
Section loaded: icu.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: avicap32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: msvfw32.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: |
Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\exe\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Accessibility.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdbCw? source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ni.pdbRSDS source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: oC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb$ source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.PDBs source: MSBuild.exe, 00000002.00000002.3246919937.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: n0C:\Windows\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb( source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.00000000010E8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\MSBuild.pdbpdbild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdbRSDS source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Xml.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: o.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Xml.ni.pdbRSDS# source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdbZE source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Microsoft.VisualBasic.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Core.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: %%.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Windows.Forms.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.3246919937.0000000001170000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.3246919937.0000000001163000.00000004.00000020.00020000.00000000.sdmp, WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Management.ni.pdbRSDSJ< source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Drawing.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.pdbH source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Management.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\symbols\exe\MSBuild.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Management.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbSx, source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Core.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: symbols\dll\mscorlib.pdbLb source: MSBuild.exe, 00000002.00000002.3249101557.000000000540A000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.pdb' source: MSBuild.exe, 00000002.00000002.3246919937.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdbRSDScUN source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.ni.pdb source: WER24F5.tmp.dmp.9.dr |
Source: |
Binary string: System.Core.ni.pdbRSDS source: WER24F5.tmp.dmp.9.dr |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{Settings.Host,Settings.Port,Settings.SPL,Settings.KEY,Helper.ID()}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{Pack[2],Helper.Decompress(Helper.SB(Pack[3]))}}, (string[])null, (Type[])null, (bool[])null, true) |
Source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.raw.unpack, Messages.cs |
.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[1] { Pack[2] }}, (string[])null, (Type[])null, (bool[])null, true) |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File Volume queried: C:\ FullSizeInformation |
Jump to behavior |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.9.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.9.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.9.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.9.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.9.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.9.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.9.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: MSBuild.exe, 00000002.00000002.3246919937.000000000112D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.9.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.9.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.9.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.9.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.9.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.9.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.9.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.9.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.9.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.9.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e23ff70.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e22a9e8.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e23ff70.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e22a9e8.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000002.00000002.3246247886.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1693833580.000002544BC00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1694534154.000002544E000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: rPROFORMAINVOICE-PO_ATS_1036.exe PID: 6180, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: MSBuild.exe PID: 3756, type: MEMORYSTR |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e23ff70.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e22a9e8.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544bf12d90.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e23ff70.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.rPROFORMAINVOICE-PO_ATS_1036.exe.2544e22a9e8.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000002.00000002.3246247886.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1693833580.000002544BC00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1694534154.000002544E000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: rPROFORMAINVOICE-PO_ATS_1036.exe PID: 6180, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: MSBuild.exe PID: 3756, type: MEMORYSTR |