Source: unknown |
TCP traffic detected without corresponding DNS query: 92.122.145.220 |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: http://ZLVZGU.com |
Source: MSBuild.exe, 00000003.00000003.409109256.000000000791A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q |
Source: MSBuild.exe, 00000003.00000003.409109256.000000000791A000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0 |
Source: MSBuild.exe, 00000003.00000003.409109256.000000000791A000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org/ |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org/( |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.orgGETMozilla/5.0 |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.orgx& |
Source: Arrivalnotice2020pdf.exe, 00000000.00000002.211934436.00000000000D3000.00000004.00020000.sdmp, MSBuild.exe, 00000003.00000002.474831985.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot%telegramapi%/ |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot%telegramapi%/sendDocumentdocument---------------------------x |
Source: MSBuild.exe, 00000003.00000002.479039341.000000000364E000.00000004.00000001.sdmp, MSBuild.exe, 00000003.00000002.479119119.0000000003668000.00000004.00000001.sdmp, MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: https://dBHeYNWtul3f.net |
Source: MSBuild.exe, 00000003.00000003.409109256.000000000791A000.00000004.00000001.sdmp |
String found in binary or memory: https://secure.comodo.com/CPS0 |
Source: Arrivalnotice2020pdf.exe, MSBuild.exe, 00000003.00000002.474831985.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: MSBuild.exe, 00000003.00000002.477291193.0000000003401000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: unknown |
Network traffic detected: HTTP traffic on port 49698 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49678 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49699 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49699 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49742 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49697 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49696 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49683 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49678 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49697 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49696 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49702 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49693 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49692 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49680 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49690 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49742 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49683 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49690 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49701 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49687 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49702 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49701 |
Source: Arrivalnotice2020pdf.exe |
Binary or memory string: OriginalFilename vs Arrivalnotice2020pdf.exe |
Source: Arrivalnotice2020pdf.exe, 00000000.00000002.211934436.00000000000D3000.00000004.00020000.sdmp |
Binary or memory string: OriginalFilenamefobWaEQAeVYNzsIgHQxKLyzadmXNXRmrUHO.exe4 vs Arrivalnotice2020pdf.exe |
Source: Arrivalnotice2020pdf.exe, 00000000.00000003.210597797.0000000002FB6000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamentdll.dllj% vs Arrivalnotice2020pdf.exe |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor |
Source: Arrivalnotice2020pdf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: Arrivalnotice2020pdf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: Arrivalnotice2020pdf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: Arrivalnotice2020pdf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: Arrivalnotice2020pdf.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: 0_2_000C215C EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, |
0_2_000C215C |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Function Chain: systemQueried,systemQueried,threadDelayed,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -922337203685477s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -3270000s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -149450s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -269019s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -89721s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -328966s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -686757s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -298600s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -59718s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -150000s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -30000s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -60048s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -30141s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -40062s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -38844s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -59686s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -39562s >= -30000s |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 1724 |
Thread sleep time: -39312s >= -30000s |
Source: MSBuild.exe, 00000003.00000002.481167503.0000000005D10000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: MSBuild.exe, 00000003.00000002.482772481.00000000078D0000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllN |
Source: MSBuild.exe, 00000003.00000002.481167503.0000000005D10000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: MSBuild.exe, 00000003.00000002.481167503.0000000005D10000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: MSBuild.exe, 00000003.00000002.481167503.0000000005D10000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: 0_2_000B1970 mov eax, dword ptr fs:[00000030h] |
0_2_000B1970 |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: 0_2_000D1CC2 mov eax, dword ptr fs:[00000030h] |
0_2_000D1CC2 |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: 0_2_000D2688 mov eax, dword ptr fs:[00000030h] |
0_2_000D2688 |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: 0_2_000D26C5 mov eax, dword ptr fs:[00000030h] |
0_2_000D26C5 |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: 0_2_000D2728 mov eax, dword ptr fs:[00000030h] |
0_2_000D2728 |
Source: MSBuild.exe, 00000003.00000002.476151015.0000000001AD0000.00000002.00000001.sdmp |
Binary or memory string: Program Manager |
Source: MSBuild.exe, 00000003.00000002.476151015.0000000001AD0000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: MSBuild.exe, 00000003.00000002.476151015.0000000001AD0000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: MSBuild.exe, 00000003.00000002.476151015.0000000001AD0000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement, |
0_2_000B4887 |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, |
0_2_000BB34D |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
0_2_000C0B91 |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, |
0_2_000C24BA |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: EnumSystemLocalesEx, |
0_2_000BF53A |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: GetLocaleInfoEx, |
0_2_000BF550 |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
0_2_000C159E |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: GetLocaleInfoEx,__wcsnicmp,_TestDefaultCountry,_TestDefaultCountry,__invoke_watson,__invoke_watson, |
0_2_000C275E |
Source: C:\Users\user\Desktop\Arrivalnotice2020pdf.exe |
Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free, |
0_2_000C0F9A |
Source: Yara match |
File source: 00000000.00000002.211934436.00000000000D3000.00000004.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.474831985.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Arrivalnotice2020pdf.exe PID: 5492, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: MSBuild.exe PID: 2540, type: MEMORY |
Source: Yara match |
File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Arrivalnotice2020pdf.exe.b0000.0.unpack, type: UNPACKEDPE |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities |