Malware Analysis Report

2025-01-19 05:02

Sample ID: 220724-sjtpdsgean
Target: 9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102
SHA256: 9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102
Tags: collection, phoenix, keylogger, stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V6)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 10/10
SHA256: 9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102
Threat Level: Known bad

The file 9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102 was found to be: Known bad.

Malicious Activity Summary

Family
  Phoenix Keylogger
  Phoenix Keylogger payload

Signatures that fired (evidence is in the per-analysis sections)
  AutoIT Executable
  Suspicious use of SetThreadContext
  Suspicious use of WriteProcessMemory
  Suspicious behavior: MapViewOfSection
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of SendNotifyMessage
  Suspicious behavior: EnumeratesProcesses
  Accesses Microsoft Outlook profiles
  outlook_office_path
  outlook_win_path
  Looks up external IP address via web service
  Program crash

Read together, the signatures describe one chain: an AutoIt-compiled dropper injects into MSBuild.exe (SetThreadContext together with WriteProcessMemory and MapViewOfSection is the process-hollowing combination), the hollowed MSBuild.exe opens the Outlook profile keys where account settings are stored (the credential-collection step), the sample resolves its public IP address, and the hollowed hosts repeatedly crash under WerFault.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2022-07-24 15:09

Signatures

AutoIT Executable: the sample is an AutoIt-compiled executable. This is a static match, so the Description, Indicator, Process and Target columns are all N/A.

Analysis: behavioral2

Detonation Overview

Submitted: 2022-07-24 15:09
Reported: 2022-07-24 15:12
Platform: win10v2004-20220721-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe"

Signatures

Accesses Microsoft Outlook profiles

collection

All 64 "Key opened" events under this signature come from C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, the hollowed host process, never from outlook.exe, and every one targets the same Outlook profile subkey 9375CFF0413111d3B88A00104B2A6676. That subkey is where Outlook keeps per-account settings (server, user name and, in older Outlook builds, stored credentials), so a non-Outlook process opening it is the credential-harvest step of the stealer. The raw rule names outlook_office_path and outlook_win_path in the summary appear to correspond to the Office and Windows NT key paths below. The SID S-1-5-21-1101907861-274115917-2188613224-1000 is the sandbox user's profile. Collapsed by distinct key:

Indicator (key opened, under \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\) | Process | Target | Count
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A | 22
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A | 18
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A | 24
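The registry table above is whitespace-separated and repeats three keys 64 times, which makes it awkward to turn into IOCs by hand. The helper below is an added example (not part of the sandbox report or its tooling): it parses rows in the exact "Key opened <key> <process> <target>" layout the report uses, collapses duplicates, replaces the per-user SID so the key can be reused as a host-independent indicator, and flags any process other than outlook.exe that opens the 9375CFF0413111d3B88A00104B2A6676 profile subkey. The sample rows are four lines copied from the table (one deliberate duplicate); the LEGIT_READERS set is an assumption for this example.

```python
"""Parse the report's flattened "Key opened" rows and flag Outlook profile reads.

Added example, not part of the sandbox report. SAMPLE_ROWS is constructed
from four rows of the behavioral2 table; LEGIT_READERS is an assumption.
"""
import re
from collections import Counter

# Fixed subkey under which Outlook keeps per-account settings (server, user
# name and, in older builds, stored credentials). Only Outlook itself should
# normally open it; stealers read it directly.
OUTLOOK_PROFILE_GUID = "9375CFF0413111d3B88A00104B2A6676"
LEGIT_READERS = {"outlook.exe"}  # assumption: processes allowed to touch the key

# Constructed sample: four rows copied from the table above (one duplicate).
SAMPLE_ROWS = r"""
Key opened \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
""".strip().splitlines()


def parse_row(line):
    """Split one 'Key opened <key> <process> <target>' row into its three fields.

    Keys contain spaces ("Windows NT", "Windows Messaging Subsystem"), so the
    process and target are taken as the two right-most whitespace-separated
    tokens. That is unambiguous for this report's rows, whose process paths
    carry no spaces; a path under "Program Files" would need a smarter split.
    """
    if not line.startswith("Key opened "):
        return None  # column header or a row from another signature
    body, process, target = line.rsplit(None, 2)
    return body[len("Key opened "):], process, target


def strip_sid(key):
    """Replace the sandbox user's SID so the key works as a host-independent IOC."""
    return re.sub(r"\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", r"HKU\\<SID>\\", key)


def classify_key(key):
    """Name the hive a profile key lives in (Office version or the MAPI subsystem)."""
    m = re.search(r"\\Office\\(\d+\.\d+)\\Outlook\\", key)
    if m:
        return f"Office {m.group(1)} profile"
    if "\\Windows Messaging Subsystem\\" in key:
        return "Windows Messaging Subsystem (MAPI) profile"
    return "other"


def summarize(lines):
    """Collapse duplicate rows and report processes that read the profile subkey.

    Returns (counts, suspicious): counts maps (normalised key, process) to the
    number of events; suspicious is the set of non-Outlook process paths that
    opened the 9375CFF0... subkey.
    """
    counts = Counter()
    suspicious = set()
    for line in lines:
        parsed = parse_row(line.strip())
        if parsed is None:
            continue
        key, process, _target = parsed
        counts[(strip_sid(key), process)] += 1
        reader = process.rsplit("\\", 1)[-1].lower()
        if OUTLOOK_PROFILE_GUID in key and reader not in LEGIT_READERS:
            suspicious.add(process)
    return counts, suspicious


if __name__ == "__main__":
    counts, suspicious = summarize(SAMPLE_ROWS)
    for (key, process), n in counts.most_common():
        print(f"{n:3d}  {classify_key(key):45s}  {process}")
    print("non-Outlook readers of the profile subkey:", sorted(suspicious))
```

Running it over the full 64-row table gives the three-row summary shown above; the normalised keys (HKU\<SID>\Software\...) are the form to put in a detection rule, since the SID changes per host.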

Looks up external IP address via web service

Description Indicator Process Target
N/A ifconfig.me N/A N/A

ifconfig.me is a public "what is my IP" service. The report does not attribute the request to a specific process. On its own the lookup is weak evidence, since legitimate software does the same, but stealers commonly include the victim's public IP in their first report to the operator, so the domain is worth keeping as a supporting network indicator alongside the process chain.

Suspicious use of SetThreadContext

PID 2036 is the sample itself (C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe). During the run it set the thread context of 34 separate instances of C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, the 32-bit .NET Framework build tool. Combined with the WriteProcessMemory and MapViewOfSection signatures in the summary, this is process hollowing: the dropper starts a signed Microsoft binary, writes or maps the payload into it, then redirects its main thread to the injected code. Target PIDs in the order reported:

4380, 644, 1560, 2332, 2324, 4688, 1360, 2328, 312, 4432, 2240, 4892, 752, 1456, 2616, 912, 2088, 1860, 4696, 2820, 1828, 1396, 1304, 2264, 1408, 1264, 4884, 4864, 916, 4092, 3908, 2268, 4292, 896

Description Indicator Process Target (34 rows, identical apart from the target PID)
PID 2036 set thread context of <target PID> N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Program crash

34 identical rows: C:\Windows\SysWOW64\WerFault.exe handling a crash in C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe. The count matches the 34 SetThreadContext targets exactly, so each hollowed MSBuild instance faulted and was picked up by the 32-bit WerFault (consistent with the 32-bit Framework path of the host), after which the parent started a fresh host. For detection this is useful on its own: MSBuild.exe crashing repeatedly while its parent runs from a user's Temp directory is abnormal even if the payload never runs cleanly.

Description Indicator Process Target (34 rows)
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
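The SetThreadContext and Program crash sections above describe the hollowing chain (memory written into a freshly started MSBuild.exe, its thread context overwritten, the host then crashing). The code below is an added example, not part of the sandbox report: detection logic that, given a per-process API trace, flags a source process that both writes into and hijacks a thread of another process, adds context when the host is a signed .NET utility and the source lives in a user-writable Temp directory, and correlates the flagged hosts with WerFault crash events. The ApiEvent record is a constructed trace shape, and the sample trace reuses the PIDs and image paths from the behavioral2 run plus two constructed benign events; the API name sets and host list are assumptions for this example, not the sandbox's rules.

```python
"""Process-hollowing detector over a constructed API-call trace.

Added example, not part of the sandbox report. ApiEvent, the API sets and
LIKELY_HOSTS are assumptions; SAMPLE_TRACE mirrors the behavioral2 run.
"""
from collections import defaultdict
from dataclasses import dataclass

# Stage 1 of hollowing: put the payload into another process's memory.
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory", "NtMapViewOfSection"}
# Stage 2: redirect execution in that process to the payload.
HIJACK_APIS = {"SetThreadContext", "NtSetContextThread", "QueueUserAPC", "NtQueueApcThread"}
# Signed .NET Framework utilities frequently chosen as hollowing hosts (assumption).
LIKELY_HOSTS = {"msbuild.exe", "regasm.exe", "regsvcs.exe", "installutil.exe", "aspnet_compiler.exe"}


@dataclass(frozen=True)
class ApiEvent:
    """One cross-process API call as an EDR or API monitor might record it (constructed shape)."""
    pid: int
    image: str
    api: str
    target_pid: int
    target_image: str


SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe"
MSBUILD = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

# Constructed trace: the report's first injection (PID 2036 -> 4380) plus two benign events.
SAMPLE_TRACE = [
    ApiEvent(2036, SAMPLE_EXE, "WriteProcessMemory", 4380, MSBUILD),
    ApiEvent(2036, SAMPLE_EXE, "NtMapViewOfSection", 4380, MSBUILD),
    ApiEvent(2036, SAMPLE_EXE, "SetThreadContext", 4380, MSBUILD),
    # benign: a shared-memory section mapped into a helper, no thread hijack
    ApiEvent(700, r"C:\Program Files\Vendor\agent.exe", "NtMapViewOfSection", 800, r"C:\Program Files\Vendor\helper.exe"),
    # benign: a process rewriting one of its own threads' context
    ApiEvent(900, r"C:\Windows\System32\notepad.exe", "SetThreadContext", 900, r"C:\Windows\System32\notepad.exe"),
]


def detect_hollowing(events):
    """Return one finding per (source, target) pair that saw both a memory
    write and a thread hijack from the same source process."""
    apis_by_pair = defaultdict(set)
    images = {}
    for ev in events:
        if ev.pid == ev.target_pid:
            continue  # self-modification is not cross-process injection
        apis_by_pair[(ev.pid, ev.target_pid)].add(ev.api)
        images[(ev.pid, ev.target_pid)] = (ev.image, ev.target_image)

    findings = []
    for (src, dst), apis in apis_by_pair.items():
        if not (apis & WRITE_APIS and apis & HIJACK_APIS):
            continue  # a write alone (IPC) or a hijack alone (debuggers) is not enough
        src_img, dst_img = images[(src, dst)]
        reasons = sorted(apis & (WRITE_APIS | HIJACK_APIS))
        if dst_img.rsplit("\\", 1)[-1].lower() in LIKELY_HOSTS:
            reasons.append("host is a signed .NET utility commonly hollowed")
        if "\\appdata\\local\\temp\\" in src_img.lower():
            reasons.append("source runs from a user-writable temp directory")
        findings.append({"source_pid": src, "target_pid": dst, "target_image": dst_img, "reasons": reasons})
    return findings


def crashed_hosts(findings, werfault_targets):
    """PIDs of hollowed hosts that WerFault later handled. In this report the
    34 crash rows match the 34 injections, so every host would appear here."""
    return sorted(f["target_pid"] for f in findings if f["target_pid"] in werfault_targets)


if __name__ == "__main__":
    found = detect_hollowing(SAMPLE_TRACE)
    for f in found:
        print(f"{f['source_pid']} -> {f['target_pid']} {f['target_image']}: {'; '.join(f['reasons'])}")
    print("hollowed hosts that crashed:", crashed_hosts(found, {4380}))
```

The pairing rule is what keeps the false-positive rate down: debuggers call SetThreadContext on their debuggee and IPC code maps sections into peers, but only injection does both against the same target, and a target that is a signed .NET utility started by something in Temp is rarely anything else.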

Suspicious behavior: EnumeratesProcesses

57 identical rows: the sample process (C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe) enumerated running processes; the report records no indicator or target for these events.

Description Indicator Process Target (57 rows)
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
(48 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
(34 identical rows)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
(64 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
(64 identical rows)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2036 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4380 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 644 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4516 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4256 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4688 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2328 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 312 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 2240 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 2036 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe

"C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4380 -ip 4380

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 1752

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 644 -ip 644

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 1744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 1560 -ip 1560

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 1728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2332 -ip 2332

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2324 -ip 2324

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 1740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4688 -ip 4688

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 1764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1360 -ip 1360

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 1724

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2328 -ip 2328

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 312 -ip 312

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 1776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4432 -ip 4432

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2240 -ip 2240

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 4892 -ip 4892

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 752 -ip 752

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 1744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1456 -ip 1456

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2616 -ip 2616

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 1764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 912 -ip 912

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2088 -ip 2088

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1860 -ip 1860

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 1720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4696 -ip 4696

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2820 -ip 2820

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 1828 -ip 1828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1396 -ip 1396

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 1724

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1304 -ip 1304

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 2264 -ip 2264

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1408 -ip 1408

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 1724

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1264 -ip 1264

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 1720

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4884 -ip 4884

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 1764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4864 -ip 4864

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 916 -ip 916

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 1724

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4092 -ip 4092

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 1728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3908 -ip 3908

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 1724

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2268 -ip 2268

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 1780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4292 -ip 4292

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 1764

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 896 -ip 896

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 1768

Network

Country Destination Domain Proto
US 93.184.221.240:80 tcp
US 8.8.8.8:53 ifconfig.me udp
US 34.160.111.145:80 ifconfig.me tcp
NL 52.178.17.2:443 tcp

Files

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-24 15:09

Reported

2022-07-24 15:12

Platform

win7-20220718-en

Max time kernel

151s

Max time network

47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe"

Signatures

Phoenix Keylogger

stealer keylogger phoenix

Phoenix Keylogger payload

Description Indicator Process Target
N/A N/A N/A N/A

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4084403625-2215941253-1760665084-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4084403625-2215941253-1760665084-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-4084403625-2215941253-1760665084-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ifconfig.me N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1108 set thread context of 1004 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1108 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 1108 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 1108 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 1108 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 1108 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
PID 1004 wrote to memory of 1224 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\SysWOW64\WerFault.exe
PID 1004 wrote to memory of 1224 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\SysWOW64\WerFault.exe
PID 1004 wrote to memory of 1224 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\SysWOW64\WerFault.exe
PID 1004 wrote to memory of 1224 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\SysWOW64\WerFault.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4084403625-2215941253-1760665084-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-4084403625-2215941253-1760665084-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe

"C:\Users\Admin\AppData\Local\Temp\9cfbfeea1c8769897ea1b35e658efa43e78a79e13828b54523b7e21d7a273102.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v4.0.30319\\\\MSBuild.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 1320

Network

Country Destination Domain Proto
US 8.8.8.8:53 ifconfig.me udp
US 34.160.111.145:80 ifconfig.me tcp

Files

memory/1108-54-0x00000000758B1000-0x00000000758B3000-memory.dmp

memory/1108-55-0x0000000000760000-0x000000000077F000-memory.dmp

memory/1108-56-0x00000000000B0000-0x00000000000B3000-memory.dmp

memory/1004-57-0x00000000004205FE-mapping.dmp

memory/1004-58-0x0000000000400000-0x0000000000424000-memory.dmp

memory/1004-59-0x0000000000370000-0x00000000003AA000-memory.dmp

memory/1224-61-0x0000000000000000-mapping.dmp

memory/1108-62-0x00000000000B0000-0x00000000000B3000-memory.dmp