| Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp |
| Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp |
| Source: |
Binary string: protobuf-net.pdbSHA256}Lq source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
| Source: |
Binary string: protobuf-net.pdb source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h |
5_2_0576D220 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then jmp 05772E77h |
5_2_05772DF3 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then jmp 05771018h |
5_2_05770C50 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then jmp 05771018h |
5_2_05770C40 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then jmp 05772E77h |
5_2_05772F07 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then jmp 05772E77h |
5_2_05772E00 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then jmp 0577153Bh |
5_2_05771320 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then jmp 0577153Bh |
5_2_05771311 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h |
5_2_059C4290 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h |
5_2_059C4288 |
| Source: aspnet_compiler.exe, 0000000A.00000002.2532146794.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002531000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.000000000260E000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002531000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hosting |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.00000000025F4000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002531000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://account.dyn.com/ |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-net |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-netJ |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-neti |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/11564914/23354; |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/14436606/23354 |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/2152978/23354 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AF73D8 |
5_2_00AF73D8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AF87C4 |
5_2_00AF87C4 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AFA3B8 |
5_2_00AFA3B8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AF73C8 |
5_2_00AF73C8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AFD5A0 |
5_2_00AFD5A0 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AFD590 |
5_2_00AFD590 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AFB88A |
5_2_00AFB88A |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AFB898 |
5_2_00AFB898 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AF5DE8 |
5_2_00AF5DE8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_00AF5DD8 |
5_2_00AF5DD8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0566E630 |
5_2_0566E630 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05662FB8 |
5_2_05662FB8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0566355E |
5_2_0566355E |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0566B442 |
5_2_0566B442 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0566B450 |
5_2_0566B450 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05661328 |
5_2_05661328 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05661338 |
5_2_05661338 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05662FAA |
5_2_05662FAA |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05665E3E |
5_2_05665E3E |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0566E967 |
5_2_0566E967 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05661813 |
5_2_05661813 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0576E998 |
5_2_0576E998 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05760040 |
5_2_05760040 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05760007 |
5_2_05760007 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0577A218 |
5_2_0577A218 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05772DF3 |
5_2_05772DF3 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05772F07 |
5_2_05772F07 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05772E00 |
5_2_05772E00 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05778EB8 |
5_2_05778EB8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05778EA9 |
5_2_05778EA9 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05771B10 |
5_2_05771B10 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0577A208 |
5_2_0577A208 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05771AC9 |
5_2_05771AC9 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_0578ECF8 |
5_2_0578ECF8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_057824A8 |
5_2_057824A8 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05780040 |
5_2_05780040 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_059C5168 |
5_2_059C5168 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_059C4CEF |
5_2_059C4CEF |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05A0D830 |
5_2_05A0D830 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_05A0CCB0 |
5_2_05A0CCB0 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_059F0006 |
5_2_059F0006 |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Code function: 5_2_059F0040 |
5_2_059F0040 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_00A0A4F8 |
10_2_00A0A4F8 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_00A0D898 |
10_2_00A0D898 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_00A04AC8 |
10_2_00A04AC8 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_00A09D40 |
10_2_00A09D40 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_00A03EB0 |
10_2_00A03EB0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_00A041F8 |
10_2_00A041F8 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_05C71128 |
10_2_05C71128 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_05C71ED0 |
10_2_05C71ED0 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_05C78368 |
10_2_05C78368 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_05C78300 |
10_2_05C78300 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_05C72F88 |
10_2_05C72F88 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Code function: 10_2_05C73670 |
10_2_05C73670 |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000040A5000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameTzayrsmq.dll" vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002B34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclrjit.dllT vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002B34000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1796796106.0000000005280000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameTzayrsmq.dll" vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename76bc4fde-e535-4efe-99b6-617b51be4b06.exe4 vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1784762345.0000000000B2E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000000.1276318670.000000000057E000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameWzlohxjp.exe> vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename76bc4fde-e535-4efe-99b6-617b51be4b06.exe4 vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Binary or memory string: OriginalFilenameWzlohxjp.exe> vs QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: apphelp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: msasn1.dll |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Section loaded: gpapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: mscoree.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: version.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: profapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: amsi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: userenv.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: sspicli.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: rasapi32.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: rasman.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: rtutils.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: mswsock.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: winhttp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: ondemandconnroutehelper.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: winnsi.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: vaultcli.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Section loaded: edputil.dll |
Jump to behavior |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
| Source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskPrincipal.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, User.cs |
Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type) |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskSecurity.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges() |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskSecurity.cs |
Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule) |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, TaskFolder.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, Task.cs |
Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, -.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, LoggingEvent.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
| Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp |
| Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.0000000006571000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1800508404.0000000005940000.00000004.08000000.00040000.00000000.sdmp |
| Source: |
Binary string: protobuf-net.pdbSHA256}Lq source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
| Source: |
Binary string: protobuf-net.pdb source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1788177024.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1799734923.0000000005700000.00000004.08000000.00040000.00000000.sdmp |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, -.cs |
.Net Code: _E009 System.Reflection.Assembly.Load(byte[]) |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, Program.cs |
.Net Code: _E000 System.Reflection.Assembly.Load(byte[]) |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5940000.16.raw.unpack, XmlSerializationHelper.cs |
.Net Code: ReadObjectProperties |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, TypeModel.cs |
.Net Code: TryDeserializeList |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, ListDecorator.cs |
.Net Code: Read |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, TypeSerializer.cs |
.Net Code: CreateInstance |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, TypeSerializer.cs |
.Net Code: EmitCreateInstance |
| Source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.47d6ba0.5.raw.unpack, TypeSerializer.cs |
.Net Code: EmitCreateIfNull |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.45dece0.9.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.5690000.14.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.46f6d40.8.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2d554c4.1.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2d554c4.1.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.45dece0.9.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.42d2c50.11.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.40a5630.6.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 00000005.00000002.1799414641.0000000005690000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1788177024.00000000046F6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1785256079.0000000002CC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1788177024.00000000040A5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1800000 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799875 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799766 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799656 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799547 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799438 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799313 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799204 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799091 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798969 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797985 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796985 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795985 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794985 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1793985 |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe TID: 7440 |
Thread sleep count: 53 > 30 |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe TID: 7440 |
Thread sleep time: -53000s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe TID: 7564 |
Thread sleep time: -922337203685477s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep count: 32 > 30 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -29514790517935264s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1800000s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 1428 |
Thread sleep count: 1555 > 30 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1799875s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 1428 |
Thread sleep count: 8263 > 30 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1799766s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1799656s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1799547s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1799438s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep count: 32 > 30 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1799313s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1799204s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1799091s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1798969s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1798860s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1798735s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1798610s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1798485s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1798360s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1798235s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1798110s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1797985s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1797860s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1797735s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1797610s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1797485s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1797360s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1797235s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1797110s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1796985s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1796860s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1796735s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1796610s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1796485s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1796360s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1796235s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1796110s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1795985s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1795860s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1795735s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1795610s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1795485s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1795360s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1795235s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1795110s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1794985s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1794860s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1794735s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1794610s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1794485s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1794360s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1794235s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1794110s >= -30000s |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7304 |
Thread sleep time: -1793985s >= -30000s |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 922337203685477 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1800000 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799875 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799766 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799656 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799547 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799438 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799313 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799204 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1799091 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798969 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1798110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797985 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1797110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796985 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1796110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795985 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1795110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794985 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794860 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794735 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794610 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794485 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794360 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794235 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1794110 |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Thread delayed: delay time: 1793985 |
Jump to behavior |
| Source: aspnet_compiler.exe, 0000000A.00000002.2532146794.0000000002565000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware |
| Source: aspnet_compiler.exe, 0000000A.00000002.2529867607.00000000007B3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9 |
| Source: aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: vmware |
| Source: aspnet_compiler.exe, 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem |
| Source: QUOTATION_MARQTRA031244#U00faPDF.scr.exe, 00000005.00000002.1785256079.00000000028C1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: model0Microsoft|VMWare|Virtual |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Queries volume information: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe VolumeInformation |
Jump to behavior |
| Source: C:\Users\user\Desktop\QUOTATION_MARQTRA031244#U00faPDF.scr.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformation |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR |
| Source: Yara match |
File source: Process Memory Space: aspnet_compiler.exe PID: 6572, type: MEMORYSTR |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 0000000A.00000002.2532146794.0000000002565000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR |
| Source: Yara match |
File source: Process Memory Space: aspnet_compiler.exe PID: 6572, type: MEMORYSTR |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 10.2.aspnet_compiler.exe.550000.0.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.2ac8580.0.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 5.2.QUOTATION_MARQTRA031244#U00faPDF.scr.exe.6624af8.17.raw.unpack, type: UNPACKEDPE |
| Source: Yara match |
File source: 0000000A.00000002.2529396453.0000000000552000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1800936643.00000000065C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: 00000005.00000002.1785256079.0000000002A43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
| Source: Yara match |
File source: Process Memory Space: QUOTATION_MARQTRA031244#U00faPDF.scr.exe PID: 7436, type: MEMORYSTR |
| Source: Yara match |
File source: Process Memory Space: aspnet_compiler.exe PID: 6572, type: MEMORYSTR |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet