Source: 14.0.MSBuild.exe.400000.0.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.461f2c8.1.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.470f308.3.unpack |
Avira: Label: TR/Dropper.Gen |
Source: 0.0.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.f10000.0.unpack |
Avira: Label: TR/Crypt.XPACK.Gen7 |
Source: 16.0.AppLaunch.exe.4e00000.0.unpack |
Avira: Label: TR/Dropper.MSIL.Gen |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.45f72a8.0.unpack |
Avira: Label: TR/Patched.Ren.Gen |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.466f2e8.2.unpack |
Avira: Label: TR/Dropper.Gen |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File opened: C:\Users\user\AppData\Roaming\ |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File opened: C:\Users\user\AppData\ |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\ |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File opened: C:\Users\user\ |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\ |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\ |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49744 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49688 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49753 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49752 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49695 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49751 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49695 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49691 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49690 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49745 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49744 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49690 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49688 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49751 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49752 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49735 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49735 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49753 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49745 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 131.253.33.200 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 40.126.31.4 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 93.184.220.29 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.108.210 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 209.197.3.8 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.201.249.71 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.211.5.146 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 13.107.42.16 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 13.107.5.88 |
Source: MSBuild.exe, 0000000E.00000002.537276033.0000000000F73000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000003.421757868.0000000000F5F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000002.359072458.000000000340B000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://james.newtonking.com/projects/json |
Source: MSBuild.exe, 0000000E.00000002.534247106.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/ |
Source: MSBuild.exe, 0000000E.00000002.534247106.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/Qv |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000002.383910090.000000000470F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000000.351294987.0000000000401000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot |
Source: MSBuild.exe, 0000000E.00000002.534247106.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.telegram.org/bot5446953292:AAFkDq-HVam91vjV2SXkAWjbhfkBnxaPoa4/sendDocument?chat_id=1269 |
Source: MSBuild.exe, 0000000E.00000003.422081191.0000000000F11000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com |
Source: 16.3.AppLaunch.exe.7e9a6e8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.466f2e8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects A310Logger Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.466f2e8.2.unpack, type: UNPACKEDPE |
Matched rule: Detects A310Logger Author: ditekSHen |
Source: 16.3.AppLaunch.exe.7e9a6e8.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 16.2.AppLaunch.exe.9250000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.470f308.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects A310Logger Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.45f72a8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects A310Logger Author: ditekSHen |
Source: 14.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects A310Logger Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.470f308.3.unpack, type: UNPACKEDPE |
Matched rule: Detects A310Logger Author: ditekSHen |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.461f2c8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects A310Logger Author: ditekSHen |
Source: 16.2.AppLaunch.exe.9250000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000010.00000002.403484045.0000000009250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000000.00000002.383910090.000000000470F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 00000010.00000003.380923428.0000000007E66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects Quasar RAT Author: Florian Roth |
Source: 00000000.00000002.379707702.0000000004597000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 00000000.00000002.364389176.00000000043F7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Auto-generated rule - file scan copy.pdf.r11 Author: Florian Roth |
Source: 16.3.AppLaunch.exe.7e9a6e8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.3.AppLaunch.exe.7e9a6e8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: HKTL_NET_GUID_SharpScribbles date = 2021-01-21, author = Arnim Rupp, description = Detects .NET red/black-team tools via typelibguid, reference = https://github.com/V1V1/SharpScribbles, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.466f2e8.2.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207 |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.466f2e8.2.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207 |
Source: 16.3.AppLaunch.exe.7e9a6e8.0.unpack, type: UNPACKEDPE |
Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.2.AppLaunch.exe.9250000.0.unpack, type: UNPACKEDPE |
Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.3.AppLaunch.exe.7e9a6e8.0.unpack, type: UNPACKEDPE |
Matched rule: HKTL_NET_GUID_SharpScribbles date = 2021-01-21, author = Arnim Rupp, description = Detects .NET red/black-team tools via typelibguid, reference = https://github.com/V1V1/SharpScribbles, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.2.AppLaunch.exe.9250000.0.unpack, type: UNPACKEDPE |
Matched rule: HKTL_NET_GUID_SharpScribbles date = 2021-01-21, author = Arnim Rupp, description = Detects .NET red/black-team tools via typelibguid, reference = https://github.com/V1V1/SharpScribbles, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.470f308.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207 |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.45f72a8.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207 |
Source: 14.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207 |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.470f308.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207 |
Source: 0.2.SecuriteInfo.com.W32.AIDetectNet.01.19566.exe.461f2c8.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_A310Logger author = ditekSHen, description = Detects A310Logger, snort_sid = 920204-920207 |
Source: 16.2.AppLaunch.exe.9250000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 16.2.AppLaunch.exe.9250000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: HKTL_NET_GUID_SharpScribbles date = 2021-01-21, author = Arnim Rupp, description = Detects .NET red/black-team tools via typelibguid, reference = https://github.com/V1V1/SharpScribbles, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000010.00000002.403484045.0000000009250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000010.00000002.403484045.0000000009250000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: HKTL_NET_GUID_SharpScribbles date = 2021-01-21, author = Arnim Rupp, description = Detects .NET red/black-team tools via typelibguid, reference = https://github.com/V1V1/SharpScribbles, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.383910090.000000000470F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000010.00000003.380923428.0000000007E66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.379707702.0000000004597000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: 00000000.00000002.364389176.00000000043F7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: LokiBot_Dropper_Packed_R11_Feb18 date = 2018-02-14, hash1 = 3b248d40fd7acb839cc592def1ed7652734e0e5ef93368be3c36c042883a3029, author = Florian Roth, description = Auto-generated rule - file scan copy.pdf.r11, reference = https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_01BCF030 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_01BC3D10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_01BC3D00 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_05484A60 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_05484A50 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_06337E12 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_0633A48D |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_0633BEB5 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_06358337 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Code function: 0_2_0635DF90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 16_2_051305B0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 16_2_051305A0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 16_2_05134850 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 16_2_05134860 |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000002.383883284.00000000046DC000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBB NATIVE BOTNET.exe vs SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000002.358839460.00000000033F1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000002.384949271.000000000477C000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBB NATIVE BOTNET.exe vs SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000000.262097375.0000000000F12000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameProforma Invoice INV-87634543-7.exe vs SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000002.361648144.00000000034B6000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBB NATIVE BOTNET.exe vs SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Binary or memory string: OriginalFilenameProforma Invoice INV-87634543-7.exe vs SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Source: AppLaunch.exe, 00000010.00000002.400484465.0000000006E41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';n |
Source: AppLaunch.exe, 00000010.00000002.400484465.0000000006E41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;>Cannot add a PRIMARY KEY column4Cannot add a UNIQUE columntCannot add a REFERENCES column with non-NULL default valuehCannot add a NOT NULL column with default value NULLZCannot add a column with non-constant default |
Source: AppLaunch.exe, 00000010.00000002.400484465.0000000006E41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger'); |
Source: AppLaunch.exe, 00000010.00000002.400484465.0000000006E41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0 |
Source: AppLaunch.exe, 00000010.00000002.400484465.0000000006E41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: AppLaunch.exe, 00000010.00000002.400484465.0000000006E41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' 4 |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000002.383910090.000000000470F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000000.351294987.0000000000401000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: hti.sLnagaugfe |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe, 00000000.00000002.383910090.000000000470F000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000000.351294987.0000000000401000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: F*\AC:\Users\TSC\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp$ |
Source: MSBuild.exe, 0000000E.00000002.531785304.000000000046C000.00000040.00000400.00020000.00000000.sdmp |
Binary or memory string: F*\AC:\Users\TSC\AppData\Roaming\Microsoft\Windows\Templates\Stub\Project1.vbp |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Binary or memory string: .vbpmva |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Binary or memory string: mt]wXwA~ll.vbpmrv |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Process information set: NOOPENFILEERRORBOX |
Source: MSBuild.exe, 0000000E.00000002.534247106.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWP |
Source: SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Binary or memory string: lqEMUttqO= |
Source: MSBuild.exe, 0000000E.00000003.421672820.0000000000F4E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000E.00000002.534247106.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 46C000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 46D000 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: BB2008 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4E00000 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 4D01008 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetectNet.01.19566.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |