c62943499b7fed80bf4e37ab525b622ef4fb7cc6b82ddb7b8d6fe75dabcaf363

General

Target

000000090000-0990.exe
Size

1.5MB
MD5

dca3732857d10782f68df4c3e1b757a9
SHA1

95a0c95fee10a8e37fb0bcabff6e4b10924285d2
SHA256

c62943499b7fed80bf4e37ab525b622ef4fb7cc6b82ddb7b8d6fe75dabcaf363
SHA512

5ada13a7e67d59e38d57fccddac36cad71d2ccfff45945cc1274d310ecf4a79f756e865526a1d9d672d6200d0ae4215e5b7754b0b29e88debb5f9db873154ea0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

1572 schtasks.exe

pid	process
1572	schtasks.exe

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe

pid	process
1676	000000090000-0990.exe
1692	000000090000-0990.exe
792	000000090000-0990.exe
1200	000000090000-0990.exe
980	000000090000-0990.exe
632	000000090000-0990.exe
572	000000090000-0990.exe
1356	000000090000-0990.exe
972	000000090000-0990.exe
1620	000000090000-0990.exe
1052	000000090000-0990.exe
564	000000090000-0990.exe
1172	000000090000-0990.exe
668	000000090000-0990.exe
1848	000000090000-0990.exe
656	000000090000-0990.exe
1932	000000090000-0990.exe
1712	000000090000-0990.exe
1780	000000090000-0990.exe
1604	000000090000-0990.exe
1672	000000090000-0990.exe
1540	000000090000-0990.exe
272	000000090000-0990.exe
1812	000000090000-0990.exe
800	000000090000-0990.exe
360	000000090000-0990.exe
940	000000090000-0990.exe
1484	000000090000-0990.exe
848	000000090000-0990.exe
936	000000090000-0990.exe
924	000000090000-0990.exe
1444	000000090000-0990.exe
1252	000000090000-0990.exe
1104	000000090000-0990.exe
1740	000000090000-0990.exe
1824	000000090000-0990.exe
760	000000090000-0990.exe
1948	000000090000-0990.exe
1088	000000090000-0990.exe
1716	000000090000-0990.exe
1552	000000090000-0990.exe
316	000000090000-0990.exe
1708	000000090000-0990.exe
1256	000000090000-0990.exe
1520	000000090000-0990.exe
916	000000090000-0990.exe
1080	000000090000-0990.exe
432	000000090000-0990.exe
368	000000090000-0990.exe
112	000000090000-0990.exe
956	000000090000-0990.exe
820	000000090000-0990.exe
1536	000000090000-0990.exe
928	000000090000-0990.exe
544	000000090000-0990.exe
1664	000000090000-0990.exe
1052	000000090000-0990.exe
560	000000090000-0990.exe
884	000000090000-0990.exe
1172	000000090000-0990.exe
668	000000090000-0990.exe
1848	000000090000-0990.exe
1584	000000090000-0990.exe
1932	000000090000-0990.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

000000090000-0990.execmd.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe000000090000-0990.exe

description	pid	process	target process
PID 1676 wrote to memory of 1704	1676	000000090000-0990.exe	cmd.exe
PID 1676 wrote to memory of 1704	1676	000000090000-0990.exe	cmd.exe
PID 1676 wrote to memory of 1704	1676	000000090000-0990.exe	cmd.exe
PID 1676 wrote to memory of 1704	1676	000000090000-0990.exe	cmd.exe
PID 1704 wrote to memory of 1572	1704	cmd.exe	schtasks.exe
PID 1704 wrote to memory of 1572	1704	cmd.exe	schtasks.exe
PID 1704 wrote to memory of 1572	1704	cmd.exe	schtasks.exe
PID 1704 wrote to memory of 1572	1704	cmd.exe	schtasks.exe
PID 1676 wrote to memory of 1636	1676	000000090000-0990.exe	MSBuild.exe
PID 1676 wrote to memory of 1636	1676	000000090000-0990.exe	MSBuild.exe
PID 1676 wrote to memory of 1636	1676	000000090000-0990.exe	MSBuild.exe
PID 1676 wrote to memory of 1636	1676	000000090000-0990.exe	MSBuild.exe
PID 1676 wrote to memory of 1636	1676	000000090000-0990.exe	MSBuild.exe
PID 1676 wrote to memory of 1692	1676	000000090000-0990.exe	000000090000-0990.exe
PID 1676 wrote to memory of 1692	1676	000000090000-0990.exe	000000090000-0990.exe
PID 1676 wrote to memory of 1692	1676	000000090000-0990.exe	000000090000-0990.exe
PID 1676 wrote to memory of 1692	1676	000000090000-0990.exe	000000090000-0990.exe
PID 1692 wrote to memory of 1648	1692	000000090000-0990.exe	MSBuild.exe
PID 1692 wrote to memory of 1648	1692	000000090000-0990.exe	MSBuild.exe
PID 1692 wrote to memory of 1648	1692	000000090000-0990.exe	MSBuild.exe
PID 1692 wrote to memory of 1648	1692	000000090000-0990.exe	MSBuild.exe
PID 1692 wrote to memory of 1648	1692	000000090000-0990.exe	MSBuild.exe
PID 1692 wrote to memory of 792	1692	000000090000-0990.exe	000000090000-0990.exe
PID 1692 wrote to memory of 792	1692	000000090000-0990.exe	000000090000-0990.exe
PID 1692 wrote to memory of 792	1692	000000090000-0990.exe	000000090000-0990.exe
PID 1692 wrote to memory of 792	1692	000000090000-0990.exe	000000090000-0990.exe
PID 792 wrote to memory of 1092	792	000000090000-0990.exe	MSBuild.exe
PID 792 wrote to memory of 1092	792	000000090000-0990.exe	MSBuild.exe
PID 792 wrote to memory of 1092	792	000000090000-0990.exe	MSBuild.exe
PID 792 wrote to memory of 1092	792	000000090000-0990.exe	MSBuild.exe
PID 792 wrote to memory of 1200	792	000000090000-0990.exe	000000090000-0990.exe
PID 792 wrote to memory of 1200	792	000000090000-0990.exe	000000090000-0990.exe
PID 792 wrote to memory of 1200	792	000000090000-0990.exe	000000090000-0990.exe
PID 792 wrote to memory of 1200	792	000000090000-0990.exe	000000090000-0990.exe
PID 1200 wrote to memory of 1096	1200	000000090000-0990.exe	MSBuild.exe
PID 1200 wrote to memory of 1096	1200	000000090000-0990.exe	MSBuild.exe
PID 1200 wrote to memory of 1096	1200	000000090000-0990.exe	MSBuild.exe
PID 1200 wrote to memory of 1096	1200	000000090000-0990.exe	MSBuild.exe
PID 1200 wrote to memory of 1096	1200	000000090000-0990.exe	MSBuild.exe
PID 1200 wrote to memory of 980	1200	000000090000-0990.exe	000000090000-0990.exe
PID 1200 wrote to memory of 980	1200	000000090000-0990.exe	000000090000-0990.exe
PID 1200 wrote to memory of 980	1200	000000090000-0990.exe	000000090000-0990.exe
PID 1200 wrote to memory of 980	1200	000000090000-0990.exe	000000090000-0990.exe
PID 980 wrote to memory of 436	980	000000090000-0990.exe	MSBuild.exe
PID 980 wrote to memory of 436	980	000000090000-0990.exe	MSBuild.exe
PID 980 wrote to memory of 436	980	000000090000-0990.exe	MSBuild.exe
PID 980 wrote to memory of 436	980	000000090000-0990.exe	MSBuild.exe
PID 980 wrote to memory of 436	980	000000090000-0990.exe	MSBuild.exe
PID 980 wrote to memory of 632	980	000000090000-0990.exe	000000090000-0990.exe
PID 980 wrote to memory of 632	980	000000090000-0990.exe	000000090000-0990.exe
PID 980 wrote to memory of 632	980	000000090000-0990.exe	000000090000-0990.exe
PID 980 wrote to memory of 632	980	000000090000-0990.exe	000000090000-0990.exe
PID 632 wrote to memory of 1492	632	000000090000-0990.exe	MSBuild.exe
PID 632 wrote to memory of 1492	632	000000090000-0990.exe	MSBuild.exe
PID 632 wrote to memory of 1492	632	000000090000-0990.exe	MSBuild.exe
PID 632 wrote to memory of 1492	632	000000090000-0990.exe	MSBuild.exe
PID 632 wrote to memory of 1492	632	000000090000-0990.exe	MSBuild.exe
PID 632 wrote to memory of 572	632	000000090000-0990.exe	000000090000-0990.exe
PID 632 wrote to memory of 572	632	000000090000-0990.exe	000000090000-0990.exe
PID 632 wrote to memory of 572	632	000000090000-0990.exe	000000090000-0990.exe
PID 632 wrote to memory of 572	632	000000090000-0990.exe	000000090000-0990.exe
PID 572 wrote to memory of 1156	572	000000090000-0990.exe	MSBuild.exe
PID 572 wrote to memory of 1156	572	000000090000-0990.exe	MSBuild.exe
PID 572 wrote to memory of 1156	572	000000090000-0990.exe	MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /Create /TN name /XML "C:\Users\Admin\AppData\Local\Temp\39f3642c01e5456a9e5b83f9a108aa0b.xml"
2⤵
- Suspicious use of WriteProcessMemory
PID:1704

C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /TN name /XML "C:\Users\Admin\AppData\Local\Temp\39f3642c01e5456a9e5b83f9a108aa0b.xml"
3⤵
- Creates scheduled task(s)
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
2⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
2⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
3⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
3⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
4⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
4⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1200

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
5⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
5⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
6⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
6⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
7⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
7⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
8⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
8⤵
- Suspicious behavior: MapViewOfSection
PID:1356

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
9⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
9⤵
- Suspicious behavior: MapViewOfSection
PID:972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
10⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
10⤵
- Suspicious behavior: MapViewOfSection
PID:1620

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
11⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
11⤵
- Suspicious behavior: MapViewOfSection
PID:1052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
12⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
12⤵
- Suspicious behavior: MapViewOfSection
PID:564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
13⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
13⤵
- Suspicious behavior: MapViewOfSection
PID:1172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
14⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
14⤵
- Suspicious behavior: MapViewOfSection
PID:668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
15⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
15⤵
- Suspicious behavior: MapViewOfSection
PID:1848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
16⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
16⤵
- Suspicious behavior: MapViewOfSection
PID:656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
17⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
17⤵
- Suspicious behavior: MapViewOfSection
PID:1932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
18⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
18⤵
- Suspicious behavior: MapViewOfSection
PID:1712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
19⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
19⤵
- Suspicious behavior: MapViewOfSection
PID:1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
20⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
20⤵
- Suspicious behavior: MapViewOfSection
PID:1604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
21⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
21⤵
- Suspicious behavior: MapViewOfSection
PID:1672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
22⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
22⤵
- Suspicious behavior: MapViewOfSection
PID:1540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
23⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
23⤵
- Suspicious behavior: MapViewOfSection
PID:272

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
24⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
24⤵
- Suspicious behavior: MapViewOfSection
PID:1812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
25⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
25⤵
- Suspicious behavior: MapViewOfSection
PID:800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
26⤵
PID:432

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
26⤵
- Suspicious behavior: MapViewOfSection
PID:360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
27⤵
PID:368

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
27⤵
- Suspicious behavior: MapViewOfSection
PID:940

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
28⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
28⤵
- Suspicious behavior: MapViewOfSection
PID:1484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
29⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
29⤵
- Suspicious behavior: MapViewOfSection
PID:848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
30⤵
PID:820

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
30⤵
- Suspicious behavior: MapViewOfSection
PID:936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
31⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
31⤵
- Suspicious behavior: MapViewOfSection
PID:924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
32⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
32⤵
- Suspicious behavior: MapViewOfSection
PID:1444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
33⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
33⤵
- Suspicious behavior: MapViewOfSection
PID:1252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
34⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
34⤵
- Suspicious behavior: MapViewOfSection
PID:1104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
35⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
35⤵
- Suspicious behavior: MapViewOfSection
PID:1740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
36⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
36⤵
- Suspicious behavior: MapViewOfSection
PID:1824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
37⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
37⤵
- Suspicious behavior: MapViewOfSection
PID:760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
38⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
38⤵
- Suspicious behavior: MapViewOfSection
PID:1948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
39⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
39⤵
- Suspicious behavior: MapViewOfSection
PID:1088

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
40⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
40⤵
- Suspicious behavior: MapViewOfSection
PID:1716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
41⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
41⤵
- Suspicious behavior: MapViewOfSection
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
42⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
42⤵
- Suspicious behavior: MapViewOfSection
PID:316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
43⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
43⤵
- Suspicious behavior: MapViewOfSection
PID:1708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
44⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
44⤵
- Suspicious behavior: MapViewOfSection
PID:1256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
45⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
45⤵
- Suspicious behavior: MapViewOfSection
PID:1520

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
46⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
46⤵
- Suspicious behavior: MapViewOfSection
PID:916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
47⤵
PID:272

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
47⤵
- Suspicious behavior: MapViewOfSection
PID:1080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
48⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
48⤵
- Suspicious behavior: MapViewOfSection
PID:432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
49⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
49⤵
- Suspicious behavior: MapViewOfSection
PID:368

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
50⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
50⤵
- Suspicious behavior: MapViewOfSection
PID:112

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
51⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
51⤵
- Suspicious behavior: MapViewOfSection
PID:956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
52⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
52⤵
- Suspicious behavior: MapViewOfSection
PID:820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
53⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
53⤵
- Suspicious behavior: MapViewOfSection
PID:1536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
54⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
54⤵
- Suspicious behavior: MapViewOfSection
PID:928

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
55⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
55⤵
- Suspicious behavior: MapViewOfSection
PID:544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
56⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
56⤵
- Suspicious behavior: MapViewOfSection
PID:1664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
57⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
57⤵
- Suspicious behavior: MapViewOfSection
PID:1052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
58⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
58⤵
- Suspicious behavior: MapViewOfSection
PID:560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
59⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
59⤵
- Suspicious behavior: MapViewOfSection
PID:884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
60⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
60⤵
- Suspicious behavior: MapViewOfSection
PID:1172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
61⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
61⤵
- Suspicious behavior: MapViewOfSection
PID:668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
62⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
62⤵
- Suspicious behavior: MapViewOfSection
PID:1848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
63⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
63⤵
- Suspicious behavior: MapViewOfSection
PID:1584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
64⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
64⤵
- Suspicious behavior: MapViewOfSection
PID:1932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
65⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
65⤵
PID:1816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
66⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
66⤵
PID:1412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
67⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
67⤵
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
68⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
68⤵
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
69⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
69⤵
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
70⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
70⤵
PID:1672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
71⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
71⤵
PID:1648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
72⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
72⤵
PID:1520

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
73⤵
PID:272

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
73⤵
PID:1692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
74⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
74⤵
PID:792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
75⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
75⤵
PID:800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
76⤵
PID:524

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
76⤵
PID:1492

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
77⤵
PID:424

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
77⤵
PID:368

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
78⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
78⤵
PID:880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
79⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
79⤵
PID:552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
80⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
80⤵
PID:848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
81⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
81⤵
PID:1308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
82⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
82⤵
PID:1536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
83⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
83⤵
PID:1488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
84⤵
PID:964

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
84⤵
PID:952

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
85⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
85⤵
PID:948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
86⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
86⤵
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
87⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
87⤵
PID:1252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
88⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
88⤵
PID:560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
89⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
89⤵
PID:900

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
90⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
90⤵
PID:1956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
91⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
91⤵
PID:1960

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
92⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
92⤵
PID:740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
93⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
93⤵
PID:1948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
94⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
94⤵
PID:1616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
95⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
95⤵
PID:604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
96⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
96⤵
PID:2032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
97⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
97⤵
PID:1548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
98⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
98⤵
PID:1120

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
99⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
99⤵
PID:1864

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
100⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
100⤵
PID:2004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
101⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
101⤵
PID:1816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
102⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
102⤵
PID:1412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
103⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
103⤵
PID:1732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
104⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
104⤵
PID:316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
105⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
105⤵
PID:1708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
106⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
106⤵
PID:1540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
107⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
107⤵
PID:1280

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
108⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
108⤵
PID:272

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
109⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
109⤵
PID:1096

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
110⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
110⤵
PID:1080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
111⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
111⤵
PID:432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
112⤵
PID:360

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
112⤵
PID:1200

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
113⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
113⤵
PID:1484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
114⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
114⤵
PID:572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
115⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
115⤵
PID:1628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
116⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
116⤵
PID:820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
117⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
117⤵
PID:1056

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
118⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
118⤵
PID:924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
119⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
119⤵
PID:964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
120⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
120⤵
PID:544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
121⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
121⤵
PID:976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
122⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
122⤵
PID:1328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
123⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
123⤵
PID:1532

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
124⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
124⤵
PID:1220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
125⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
125⤵
PID:1060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
126⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
126⤵
PID:1740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
127⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
127⤵
PID:2044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
128⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
128⤵
PID:1764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
129⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
129⤵
PID:308

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
130⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
130⤵
PID:868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
131⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
131⤵
PID:1584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
132⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
132⤵
PID:1148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
133⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
133⤵
PID:1544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
134⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
134⤵
PID:1792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
135⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
135⤵
PID:1428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
136⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
136⤵
PID:1748

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
137⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
137⤵
PID:1712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
138⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
138⤵
PID:1580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
139⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
139⤵
PID:1720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
140⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
140⤵
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
141⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
141⤵
PID:1676

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
142⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
142⤵
PID:1704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
143⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
143⤵
PID:568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
144⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
144⤵
PID:888

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
145⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe
"C:\Users\Admin\AppData\Local\Temp\000000090000-0990.exe"
145⤵
PID:1812

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\39f3642c01e5456a9e5b83f9a108aa0b.xml
MD5
a035055e1c80bc652520df45650c690f

SHA1
37b8364ad46e17199eb5a7ee89bb506bba384adb

SHA256
2b9948d34674d0fc0f9cb290da8298441b56205f6e341e3cfa1954df42c2b655

SHA512
678279d1bfc8a71c27a5a2c3afa5fd266882a62610863a3e4ebc2489f17827ed4c680c89e6b8b52621320500294d2df9888259ccdc5d38def43e739c1f325fc1

Download Submit
memory/112-54-0x0000000000000000-mapping.dmp

Download
memory/272-27-0x0000000000000000-mapping.dmp

Download
memory/316-46-0x0000000000000000-mapping.dmp

Download
memory/360-30-0x0000000000000000-mapping.dmp

Download
memory/368-53-0x0000000000000000-mapping.dmp

Download
memory/432-52-0x0000000000000000-mapping.dmp

Download
memory/544-59-0x0000000000000000-mapping.dmp

Download
memory/560-62-0x0000000000000000-mapping.dmp

Download
memory/564-16-0x0000000000000000-mapping.dmp

Download
memory/572-11-0x0000000000000000-mapping.dmp

Download
memory/632-10-0x0000000000000000-mapping.dmp

Download
memory/656-20-0x0000000000000000-mapping.dmp

Download
memory/668-65-0x0000000000000000-mapping.dmp

Download
memory/668-18-0x0000000000000000-mapping.dmp

Download
memory/760-41-0x0000000000000000-mapping.dmp

Download
memory/792-7-0x0000000000000000-mapping.dmp

Download
memory/800-29-0x0000000000000000-mapping.dmp

Download
memory/820-56-0x0000000000000000-mapping.dmp

Download
memory/848-33-0x0000000000000000-mapping.dmp

Download
memory/884-63-0x0000000000000000-mapping.dmp

Download
memory/916-50-0x0000000000000000-mapping.dmp

Download
memory/924-35-0x0000000000000000-mapping.dmp

Download
memory/928-58-0x0000000000000000-mapping.dmp

Download
memory/936-34-0x0000000000000000-mapping.dmp

Download
memory/940-31-0x0000000000000000-mapping.dmp

Download
memory/956-55-0x0000000000000000-mapping.dmp

Download
memory/972-13-0x0000000000000000-mapping.dmp

Download
memory/980-9-0x0000000000000000-mapping.dmp

Download
memory/1052-61-0x0000000000000000-mapping.dmp

Download
memory/1052-15-0x0000000000000000-mapping.dmp

Download
memory/1080-51-0x0000000000000000-mapping.dmp

Download
memory/1088-43-0x0000000000000000-mapping.dmp

Download
memory/1104-38-0x0000000000000000-mapping.dmp

Download
memory/1172-17-0x0000000000000000-mapping.dmp

Download
memory/1172-64-0x0000000000000000-mapping.dmp

Download
memory/1200-8-0x0000000000000000-mapping.dmp

Download
memory/1252-37-0x0000000000000000-mapping.dmp

Download
memory/1256-48-0x0000000000000000-mapping.dmp

Download
memory/1356-12-0x0000000000000000-mapping.dmp

Download
memory/1444-36-0x0000000000000000-mapping.dmp

Download
memory/1484-32-0x0000000000000000-mapping.dmp

Download
memory/1520-49-0x0000000000000000-mapping.dmp

Download
memory/1536-57-0x0000000000000000-mapping.dmp

Download
memory/1540-26-0x0000000000000000-mapping.dmp

Download
memory/1552-45-0x0000000000000000-mapping.dmp

Download
memory/1572-4-0x0000000000000000-mapping.dmp

Download
memory/1584-67-0x0000000000000000-mapping.dmp

Download
memory/1604-24-0x0000000000000000-mapping.dmp

Download
memory/1620-14-0x0000000000000000-mapping.dmp

Download
memory/1664-60-0x0000000000000000-mapping.dmp

Download
memory/1672-25-0x0000000000000000-mapping.dmp

Download
memory/1676-2-0x0000000075F21000-0x0000000075F23000-memory.dmp

Filesize
8KB

Download
memory/1692-6-0x0000000000000000-mapping.dmp

Download
memory/1704-3-0x0000000000000000-mapping.dmp

Download
memory/1708-47-0x0000000000000000-mapping.dmp

Download
memory/1712-22-0x0000000000000000-mapping.dmp

Download
memory/1716-44-0x0000000000000000-mapping.dmp

Download
memory/1740-39-0x0000000000000000-mapping.dmp

Download
memory/1780-23-0x0000000000000000-mapping.dmp

Download
memory/1812-28-0x0000000000000000-mapping.dmp

Download
memory/1824-40-0x0000000000000000-mapping.dmp

Download
memory/1848-66-0x0000000000000000-mapping.dmp

Download
memory/1848-19-0x0000000000000000-mapping.dmp

Download
memory/1932-21-0x0000000000000000-mapping.dmp

Download
memory/1948-42-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads