a8f2984d5f05f009985afc0368ed1203380b3df4676996140a57011365108aac

General

Target

INVOICE-099990.exe
Size

600KB
MD5

0a73075a58f055c2af0403ee35887b65
SHA1

c1b30a2d00436ff430153a80adf64b0c0005d774
SHA256

a8f2984d5f05f009985afc0368ed1203380b3df4676996140a57011365108aac
SHA512

59e8af8503822bb5ef0d04ada0a1d0b3c08f5cc74878d64e26457db2757e759dc47ff8329e2612d610ac2fc35fd6fb57435620b74733e8a565f7b20f24201cb1

Score

5^/10

ransomware

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
ransomware

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

1712 schtasks.exe

pid	process
1712	schtasks.exe

Suspicious behavior: MapViewOfSection 169 IoCs

Processes:

INVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exe

pid	process
1632	INVOICE-099990.exe
1816	INVOICE-099990.exe
1664	INVOICE-099990.exe
1664	INVOICE-099990.exe
1096	INVOICE-099990.exe
332	INVOICE-099990.exe
332	INVOICE-099990.exe
556	INVOICE-099990.exe
744	INVOICE-099990.exe
964	INVOICE-099990.exe
1032	INVOICE-099990.exe
864	INVOICE-099990.exe
472	INVOICE-099990.exe
1020	INVOICE-099990.exe
836	INVOICE-099990.exe
1012	INVOICE-099990.exe
1824	INVOICE-099990.exe
388	INVOICE-099990.exe
600	INVOICE-099990.exe
1592	INVOICE-099990.exe
1572	INVOICE-099990.exe
1572	INVOICE-099990.exe
1784	INVOICE-099990.exe
1880	INVOICE-099990.exe
1712	INVOICE-099990.exe
1760	INVOICE-099990.exe
1704	INVOICE-099990.exe
1780	INVOICE-099990.exe
272	INVOICE-099990.exe
272	INVOICE-099990.exe
580	INVOICE-099990.exe
580	INVOICE-099990.exe
1460	INVOICE-099990.exe
328	INVOICE-099990.exe
328	INVOICE-099990.exe
964	INVOICE-099990.exe
1032	INVOICE-099990.exe
1032	INVOICE-099990.exe
1464	INVOICE-099990.exe
1196	INVOICE-099990.exe
1984	INVOICE-099990.exe
364	INVOICE-099990.exe
344	INVOICE-099990.exe
1820	INVOICE-099990.exe
1944	INVOICE-099990.exe
1104	INVOICE-099990.exe
820	INVOICE-099990.exe
304	INVOICE-099990.exe
1692	INVOICE-099990.exe
1776	INVOICE-099990.exe
1700	INVOICE-099990.exe
1756	INVOICE-099990.exe
1772	INVOICE-099990.exe
1616	INVOICE-099990.exe
528	INVOICE-099990.exe
528	INVOICE-099990.exe
872	INVOICE-099990.exe
1636	INVOICE-099990.exe
1636	INVOICE-099990.exe
268	INVOICE-099990.exe
1468	INVOICE-099990.exe
1324	INVOICE-099990.exe
1120	INVOICE-099990.exe
1120	INVOICE-099990.exe

Suspicious use of WriteProcessMemory 1322 IoCs

Processes:

INVOICE-099990.execmd.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exeINVOICE-099990.exe

description	pid	process	target process
PID 1632 wrote to memory of 1772	1632	INVOICE-099990.exe	cmd.exe
PID 1632 wrote to memory of 1772	1632	INVOICE-099990.exe	cmd.exe
PID 1632 wrote to memory of 1772	1632	INVOICE-099990.exe	cmd.exe
PID 1632 wrote to memory of 1772	1632	INVOICE-099990.exe	cmd.exe
PID 1772 wrote to memory of 1712	1772	cmd.exe	schtasks.exe
PID 1772 wrote to memory of 1712	1772	cmd.exe	schtasks.exe
PID 1772 wrote to memory of 1712	1772	cmd.exe	schtasks.exe
PID 1772 wrote to memory of 1712	1772	cmd.exe	schtasks.exe
PID 1632 wrote to memory of 1700	1632	INVOICE-099990.exe	MSBuild.exe
PID 1632 wrote to memory of 1700	1632	INVOICE-099990.exe	MSBuild.exe
PID 1632 wrote to memory of 1700	1632	INVOICE-099990.exe	MSBuild.exe
PID 1632 wrote to memory of 1700	1632	INVOICE-099990.exe	MSBuild.exe
PID 1632 wrote to memory of 1700	1632	INVOICE-099990.exe	MSBuild.exe
PID 1632 wrote to memory of 1816	1632	INVOICE-099990.exe	INVOICE-099990.exe
PID 1632 wrote to memory of 1816	1632	INVOICE-099990.exe	INVOICE-099990.exe
PID 1632 wrote to memory of 1816	1632	INVOICE-099990.exe	INVOICE-099990.exe
PID 1632 wrote to memory of 1816	1632	INVOICE-099990.exe	INVOICE-099990.exe
PID 1816 wrote to memory of 1620	1816	INVOICE-099990.exe	MSBuild.exe
PID 1816 wrote to memory of 1620	1816	INVOICE-099990.exe	MSBuild.exe
PID 1816 wrote to memory of 1620	1816	INVOICE-099990.exe	MSBuild.exe
PID 1816 wrote to memory of 1620	1816	INVOICE-099990.exe	MSBuild.exe
PID 1816 wrote to memory of 1620	1816	INVOICE-099990.exe	MSBuild.exe
PID 1816 wrote to memory of 1664	1816	INVOICE-099990.exe	INVOICE-099990.exe
PID 1816 wrote to memory of 1664	1816	INVOICE-099990.exe	INVOICE-099990.exe
PID 1816 wrote to memory of 1664	1816	INVOICE-099990.exe	INVOICE-099990.exe
PID 1816 wrote to memory of 1664	1816	INVOICE-099990.exe	INVOICE-099990.exe
PID 1664 wrote to memory of 1088	1664	INVOICE-099990.exe	MSBuild.exe
PID 1664 wrote to memory of 1088	1664	INVOICE-099990.exe	MSBuild.exe
PID 1664 wrote to memory of 1088	1664	INVOICE-099990.exe	MSBuild.exe
PID 1664 wrote to memory of 1088	1664	INVOICE-099990.exe	MSBuild.exe
PID 1664 wrote to memory of 1088	1664	INVOICE-099990.exe	MSBuild.exe
PID 1664 wrote to memory of 1096	1664	INVOICE-099990.exe	INVOICE-099990.exe
PID 1664 wrote to memory of 1096	1664	INVOICE-099990.exe	INVOICE-099990.exe
PID 1664 wrote to memory of 1096	1664	INVOICE-099990.exe	INVOICE-099990.exe
PID 1664 wrote to memory of 1096	1664	INVOICE-099990.exe	INVOICE-099990.exe
PID 1096 wrote to memory of 396	1096	INVOICE-099990.exe	MSBuild.exe
PID 1096 wrote to memory of 396	1096	INVOICE-099990.exe	MSBuild.exe
PID 1096 wrote to memory of 396	1096	INVOICE-099990.exe	MSBuild.exe
PID 1096 wrote to memory of 396	1096	INVOICE-099990.exe	MSBuild.exe
PID 1096 wrote to memory of 396	1096	INVOICE-099990.exe	MSBuild.exe
PID 1096 wrote to memory of 332	1096	INVOICE-099990.exe	INVOICE-099990.exe
PID 1096 wrote to memory of 332	1096	INVOICE-099990.exe	INVOICE-099990.exe
PID 1096 wrote to memory of 332	1096	INVOICE-099990.exe	INVOICE-099990.exe
PID 1096 wrote to memory of 332	1096	INVOICE-099990.exe	INVOICE-099990.exe
PID 332 wrote to memory of 1952	332	INVOICE-099990.exe	MSBuild.exe
PID 332 wrote to memory of 1952	332	INVOICE-099990.exe	MSBuild.exe
PID 332 wrote to memory of 1952	332	INVOICE-099990.exe	MSBuild.exe
PID 332 wrote to memory of 1952	332	INVOICE-099990.exe	MSBuild.exe
PID 332 wrote to memory of 1952	332	INVOICE-099990.exe	MSBuild.exe
PID 332 wrote to memory of 556	332	INVOICE-099990.exe	INVOICE-099990.exe
PID 332 wrote to memory of 556	332	INVOICE-099990.exe	INVOICE-099990.exe
PID 332 wrote to memory of 556	332	INVOICE-099990.exe	INVOICE-099990.exe
PID 332 wrote to memory of 556	332	INVOICE-099990.exe	INVOICE-099990.exe
PID 556 wrote to memory of 844	556	INVOICE-099990.exe	MSBuild.exe
PID 556 wrote to memory of 844	556	INVOICE-099990.exe	MSBuild.exe
PID 556 wrote to memory of 844	556	INVOICE-099990.exe	MSBuild.exe
PID 556 wrote to memory of 844	556	INVOICE-099990.exe	MSBuild.exe
PID 556 wrote to memory of 844	556	INVOICE-099990.exe	MSBuild.exe
PID 556 wrote to memory of 744	556	INVOICE-099990.exe	INVOICE-099990.exe
PID 556 wrote to memory of 744	556	INVOICE-099990.exe	INVOICE-099990.exe
PID 556 wrote to memory of 744	556	INVOICE-099990.exe	INVOICE-099990.exe
PID 556 wrote to memory of 744	556	INVOICE-099990.exe	INVOICE-099990.exe
PID 744 wrote to memory of 1340	744	INVOICE-099990.exe	MSBuild.exe
PID 744 wrote to memory of 1340	744	INVOICE-099990.exe	MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1632

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /Create /TN name /XML "C:\Users\Admin\AppData\Local\Temp\00cff45d83b14c1088dbafa677647693.xml"
2⤵
- Suspicious use of WriteProcessMemory
PID:1772

C:\Windows\SysWOW64\schtasks.exe
schtasks /Create /TN name /XML "C:\Users\Admin\AppData\Local\Temp\00cff45d83b14c1088dbafa677647693.xml"
3⤵
- Creates scheduled task(s)
PID:1712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
2⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
2⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
3⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
3⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
4⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
4⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1096

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
5⤵
PID:396

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
5⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
6⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
6⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:556

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
7⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
7⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
8⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
8⤵
- Suspicious behavior: MapViewOfSection
PID:964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
9⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
9⤵
- Suspicious behavior: MapViewOfSection
PID:1032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
10⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
10⤵
- Suspicious behavior: MapViewOfSection
PID:864

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
11⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
11⤵
- Suspicious behavior: MapViewOfSection
PID:472

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
12⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
12⤵
- Suspicious behavior: MapViewOfSection
PID:1020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
13⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
13⤵
- Suspicious behavior: MapViewOfSection
PID:836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
14⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
14⤵
- Suspicious behavior: MapViewOfSection
PID:1012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
15⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
15⤵
- Suspicious behavior: MapViewOfSection
PID:1824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
16⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
16⤵
- Suspicious behavior: MapViewOfSection
PID:388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
17⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
17⤵
- Suspicious behavior: MapViewOfSection
PID:600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
18⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
18⤵
- Suspicious behavior: MapViewOfSection
PID:1592

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
19⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
19⤵
- Suspicious behavior: MapViewOfSection
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
20⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
20⤵
- Suspicious behavior: MapViewOfSection
PID:1784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
21⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
21⤵
- Suspicious behavior: MapViewOfSection
PID:1880

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
22⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
22⤵
- Suspicious behavior: MapViewOfSection
PID:1712

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
23⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
23⤵
- Suspicious behavior: MapViewOfSection
PID:1760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
24⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
24⤵
- Suspicious behavior: MapViewOfSection
PID:1704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
25⤵
PID:528

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
25⤵
- Suspicious behavior: MapViewOfSection
PID:1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
26⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
26⤵
- Suspicious behavior: MapViewOfSection
PID:272

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
27⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
27⤵
- Suspicious behavior: MapViewOfSection
PID:580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
28⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
28⤵
- Suspicious behavior: MapViewOfSection
PID:1460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
29⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
29⤵
- Suspicious behavior: MapViewOfSection
PID:328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
30⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
30⤵
- Suspicious behavior: MapViewOfSection
PID:964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
31⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
31⤵
- Suspicious behavior: MapViewOfSection
PID:1032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
32⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
32⤵
- Suspicious behavior: MapViewOfSection
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
33⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
33⤵
- Suspicious behavior: MapViewOfSection
PID:1196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
34⤵
PID:1188

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
34⤵
- Suspicious behavior: MapViewOfSection
PID:1984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
35⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
35⤵
- Suspicious behavior: MapViewOfSection
PID:364

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
36⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
36⤵
- Suspicious behavior: MapViewOfSection
PID:344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
37⤵
PID:796

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
37⤵
- Suspicious behavior: MapViewOfSection
PID:1820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
38⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
38⤵
- Suspicious behavior: MapViewOfSection
PID:1944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
39⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
39⤵
- Suspicious behavior: MapViewOfSection
PID:1104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
40⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
40⤵
- Suspicious behavior: MapViewOfSection
PID:820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
41⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
41⤵
- Suspicious behavior: MapViewOfSection
PID:304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
42⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
42⤵
- Suspicious behavior: MapViewOfSection
PID:1692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
43⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
43⤵
- Suspicious behavior: MapViewOfSection
PID:1776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
44⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
44⤵
- Suspicious behavior: MapViewOfSection
PID:1700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
45⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
45⤵
- Suspicious behavior: MapViewOfSection
PID:1756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
46⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
46⤵
- Suspicious behavior: MapViewOfSection
PID:1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
47⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
47⤵
- Suspicious behavior: MapViewOfSection
PID:1616

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
48⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
48⤵
- Suspicious behavior: MapViewOfSection
PID:528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
49⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
49⤵
- Suspicious behavior: MapViewOfSection
PID:872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
50⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
50⤵
- Suspicious behavior: MapViewOfSection
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
51⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
51⤵
- Suspicious behavior: MapViewOfSection
PID:268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
52⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
52⤵
- Suspicious behavior: MapViewOfSection
PID:1468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
53⤵
PID:272

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
53⤵
- Suspicious behavior: MapViewOfSection
PID:1324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
54⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
54⤵
- Suspicious behavior: MapViewOfSection
PID:1120

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
55⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
55⤵
PID:1460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
56⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
56⤵
PID:744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
57⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
57⤵
PID:916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
58⤵
PID:524

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
58⤵
PID:1500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
59⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
59⤵
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
60⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
60⤵
PID:1196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
61⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
61⤵
PID:472

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
62⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
62⤵
PID:1020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
63⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
63⤵
PID:836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
64⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
64⤵
PID:1820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
65⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
65⤵
PID:436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
66⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
66⤵
PID:388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
67⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
67⤵
PID:1568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
68⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
68⤵
PID:1992

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
69⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
69⤵
PID:304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
70⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
70⤵
PID:2000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
71⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
71⤵
PID:1788

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
72⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
72⤵
PID:1784

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
73⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
73⤵
PID:1736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
74⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
74⤵
PID:1756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
75⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
75⤵
PID:1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
76⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
76⤵
PID:1816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
77⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
77⤵
PID:1704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
78⤵
PID:432

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
78⤵
PID:956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
79⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
79⤵
PID:872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
80⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
80⤵
PID:1908

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
81⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
81⤵
PID:1084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
82⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
82⤵
PID:272

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
83⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
83⤵
PID:636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
84⤵
PID:368

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
84⤵
PID:1324

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
85⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
85⤵
PID:580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
86⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
86⤵
PID:900

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
87⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
87⤵
PID:1160

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
88⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
88⤵
PID:1032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
89⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
89⤵
PID:916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
90⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
90⤵
PID:1500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
91⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
91⤵
PID:988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
92⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
92⤵
PID:856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
93⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
93⤵
PID:1728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
94⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
94⤵
PID:344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
95⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
95⤵
PID:1432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
96⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
96⤵
PID:1544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
97⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
97⤵
PID:1836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
98⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
98⤵
PID:1012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
99⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
99⤵
PID:932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
100⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
100⤵
PID:596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
101⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
101⤵
PID:1420

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
102⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
102⤵
PID:1648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
103⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
103⤵
PID:752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
104⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
104⤵
PID:820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
105⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
105⤵
PID:1748

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
106⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
106⤵
PID:1972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
107⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
107⤵
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
108⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
108⤵
PID:1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
109⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
109⤵
PID:1700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
110⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
110⤵
PID:896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
111⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
111⤵
PID:1668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
112⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
112⤵
PID:1660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
113⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
113⤵
PID:1760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
114⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
114⤵
PID:1684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
115⤵
PID:528

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
115⤵
PID:972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
116⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
116⤵
PID:1664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
117⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
117⤵
PID:396

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
118⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
118⤵
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
119⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
119⤵
PID:1096

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
120⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
120⤵
PID:844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
121⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
121⤵
PID:620

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
122⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
122⤵
PID:1340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
123⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
123⤵
PID:1168

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
124⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
124⤵
PID:964

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
125⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
125⤵
PID:952

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
126⤵
PID:744

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
126⤵
PID:1940

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
127⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
127⤵
PID:524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
128⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
128⤵
PID:2032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
129⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
129⤵
PID:1188

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
130⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
130⤵
PID:1928

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
131⤵
PID:364

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
131⤵
PID:1456

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
132⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
132⤵
PID:796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
133⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
133⤵
PID:924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
134⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
134⤵
PID:2016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
135⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
135⤵
PID:1924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
136⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
136⤵
PID:692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
137⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
137⤵
PID:836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
138⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
138⤵
PID:1916

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
139⤵
PID:932

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
139⤵
PID:1820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
140⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
140⤵
PID:1628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
141⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
141⤵
PID:436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
142⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
142⤵
PID:1436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
143⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
143⤵
PID:600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
144⤵
PID:820

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
144⤵
PID:1596

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
145⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
145⤵
PID:1708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
146⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
146⤵
PID:1876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
147⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE-099990.exe"
147⤵
PID:1776

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\00cff45d83b14c1088dbafa677647693.xml
MD5
a035055e1c80bc652520df45650c690f

SHA1
37b8364ad46e17199eb5a7ee89bb506bba384adb

SHA256
2b9948d34674d0fc0f9cb290da8298441b56205f6e341e3cfa1954df42c2b655

SHA512
678279d1bfc8a71c27a5a2c3afa5fd266882a62610863a3e4ebc2489f17827ed4c680c89e6b8b52621320500294d2df9888259ccdc5d38def43e739c1f325fc1

Download Submit
memory/268-55-0x0000000000000000-mapping.dmp

Download
memory/272-30-0x0000000000000000-mapping.dmp

Download
memory/304-45-0x0000000000000000-mapping.dmp

Download
memory/328-33-0x0000000000000000-mapping.dmp

Download
memory/332-9-0x0000000000000000-mapping.dmp

Download
memory/344-40-0x0000000000000000-mapping.dmp

Download
memory/364-39-0x0000000000000000-mapping.dmp

Download
memory/388-20-0x0000000000000000-mapping.dmp

Download
memory/472-65-0x0000000000000000-mapping.dmp

Download
memory/472-15-0x0000000000000000-mapping.dmp

Download
memory/528-52-0x0000000000000000-mapping.dmp

Download
memory/556-10-0x0000000000000000-mapping.dmp

Download
memory/580-31-0x0000000000000000-mapping.dmp

Download
memory/600-21-0x0000000000000000-mapping.dmp

Download
memory/744-11-0x0000000000000000-mapping.dmp

Download
memory/744-60-0x0000000000000000-mapping.dmp

Download
memory/820-44-0x0000000000000000-mapping.dmp

Download
memory/836-17-0x0000000000000000-mapping.dmp

Download
memory/836-67-0x0000000000000000-mapping.dmp

Download
memory/864-14-0x0000000000000000-mapping.dmp

Download
memory/872-53-0x0000000000000000-mapping.dmp

Download
memory/916-61-0x0000000000000000-mapping.dmp

Download
memory/964-12-0x0000000000000000-mapping.dmp

Download
memory/964-34-0x0000000000000000-mapping.dmp

Download
memory/1012-18-0x0000000000000000-mapping.dmp

Download
memory/1020-66-0x0000000000000000-mapping.dmp

Download
memory/1020-16-0x0000000000000000-mapping.dmp

Download
memory/1032-13-0x0000000000000000-mapping.dmp

Download
memory/1032-35-0x0000000000000000-mapping.dmp

Download
memory/1096-8-0x0000000000000000-mapping.dmp

Download
memory/1104-43-0x0000000000000000-mapping.dmp

Download
memory/1120-58-0x0000000000000000-mapping.dmp

Download
memory/1196-64-0x0000000000000000-mapping.dmp

Download
memory/1196-37-0x0000000000000000-mapping.dmp

Download
memory/1324-57-0x0000000000000000-mapping.dmp

Download
memory/1460-59-0x0000000000000000-mapping.dmp

Download
memory/1460-32-0x0000000000000000-mapping.dmp

Download
memory/1464-36-0x0000000000000000-mapping.dmp

Download
memory/1464-63-0x0000000000000000-mapping.dmp

Download
memory/1468-56-0x0000000000000000-mapping.dmp

Download
memory/1500-62-0x0000000000000000-mapping.dmp

Download
memory/1572-23-0x0000000000000000-mapping.dmp

Download
memory/1592-22-0x0000000000000000-mapping.dmp

Download
memory/1616-51-0x0000000000000000-mapping.dmp

Download
memory/1632-2-0x0000000076341000-0x0000000076343000-memory.dmp

Filesize
8KB

Download
memory/1636-54-0x0000000000000000-mapping.dmp

Download
memory/1664-7-0x0000000000000000-mapping.dmp

Download
memory/1692-46-0x0000000000000000-mapping.dmp

Download
memory/1700-48-0x0000000000000000-mapping.dmp

Download
memory/1704-28-0x0000000000000000-mapping.dmp

Download
memory/1712-26-0x0000000000000000-mapping.dmp

Download
memory/1712-4-0x0000000000000000-mapping.dmp

Download
memory/1756-49-0x0000000000000000-mapping.dmp

Download
memory/1760-27-0x0000000000000000-mapping.dmp

Download
memory/1772-3-0x0000000000000000-mapping.dmp

Download
memory/1772-50-0x0000000000000000-mapping.dmp

Download
memory/1776-47-0x0000000000000000-mapping.dmp

Download
memory/1780-29-0x0000000000000000-mapping.dmp

Download
memory/1784-24-0x0000000000000000-mapping.dmp

Download
memory/1816-6-0x0000000000000000-mapping.dmp

Download
memory/1820-41-0x0000000000000000-mapping.dmp

Download
memory/1824-19-0x0000000000000000-mapping.dmp

Download
memory/1880-25-0x0000000000000000-mapping.dmp

Download
memory/1944-42-0x0000000000000000-mapping.dmp

Download
memory/1984-38-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads