Source: Document for shipping.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: Document for shipping.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: %%.pdbis( source: Document for shipping.exe, 00000003.00000002.81164074176.00000000004F6000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000753000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: PresentationFramework.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xaml.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\PresentationFramework.pdb source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\WindowsBase.pdbe source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdbSystem.ni.dllH source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbsT source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000753000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: WindowsBase.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb|Q source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdbb source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000797000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdbRSDS# source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Core.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdbbxo source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000797000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: PresentationFramework.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xaml.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: WindowsBase.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: mscorlib.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\user\Desktop\Document for shipping.PDB$y source: Document for shipping.exe, 00000003.00000002.81164074176.00000000004F6000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdbRSDScUN source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: PresentationCore.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xml.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: WindowsBase.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Users\user\Desktop\Document for shipping.PDBad source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb]QF source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xaml.pdbMZ@ source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000753000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xml.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: PresentationCore.ni.pdbRSDS:Ne source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: vk.pdb source: Document for shipping.exe, 00000003.00000002.81164074176.00000000004F6000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: WindowsBase.pdb(|s source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: mscorlib.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: p0C:\Windows\mscorlib.pdb source: Document for shipping.exe, 00000003.00000002.81164074176.00000000004F6000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: PresentationCore.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xaml.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: C:\Windows\PresentationFramework.pdbpdbork.pdb source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdbn source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Core.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\PresentationFramework.pdbg.D source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdbRSDS] source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: C:\Windows\WindowsBase.pdbpdbase.pdbbQS source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\WindowsBase.pdb source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.pdbp source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007B2000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: PresentationFramework.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Core.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: Document for shipping.exe, 00000003.00000002.81165521175.0000000002581000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://defaultcontainer/MainWindow.xamld |
Source: Document for shipping.exe, 00000003.00000002.81165521175.0000000002581000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://foo/MainWindow.xaml |
Source: Document for shipping.exe, 00000003.00000002.81165521175.0000000002581000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://foo/bar/mainwindow.baml |
Source: Document for shipping.exe, 00000003.00000002.81165521175.0000000002581000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://foo/bar/mainwindow.bamld |
Source: Amcache.hve.6.dr |
String found in binary or memory: http://upx.sf.net |
Source: Document for shipping.exe, --.cs |
Large array initialization: _0002: array initializer size 672632 |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Code function: 3_2_02382BC2 |
3_2_02382BC2 |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Code function: 3_2_0238182E |
3_2_0238182E |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Code function: 3_2_023828B0 |
3_2_023828B0 |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Code function: 3_2_02381846 |
3_2_02381846 |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Code function: 3_2_02381098 |
3_2_02381098 |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Code function: 3_2_02381D00 |
3_2_02381D00 |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Code function: 3_2_02382951 |
3_2_02382951 |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 1180 |
Source: Document for shipping.exe, 00000003.00000000.81129385221.0000000000134000.00000002.00000001.01000000.00000004.sdmp |
Binary or memory string: OriginalFilenameZvTD.exe< vs Document for shipping.exe |
Source: Document for shipping.exe, 00000003.00000002.81164265279.000000000071E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs Document for shipping.exe |
Source: Document for shipping.exe |
Binary or memory string: OriginalFilenameZvTD.exe< vs Document for shipping.exe |
Source: Document for shipping.exe |
Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: Document for shipping.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Mutant created: NULL |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7148 |
Source: Document for shipping.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: Document for shipping.exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83% |
Source: Document for shipping.exe |
ReversingLabs: Detection: 21% |
Source: Document for shipping.exe |
Virustotal: Detection: 28% |
Source: unknown |
Process created: C:\Users\user\Desktop\Document for shipping.exe "C:\Users\user\Desktop\Document for shipping.exe" |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 1180 |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: edgegdi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: msvcp140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: Document for shipping.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: |
Binary string: %%.pdbis( source: Document for shipping.exe, 00000003.00000002.81164074176.00000000004F6000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000753000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: PresentationFramework.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xaml.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\PresentationFramework.pdb source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\WindowsBase.pdbe source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdbSystem.ni.dllH source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbsT source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000753000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: WindowsBase.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb|Q source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdbb source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000797000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Xml.ni.pdbRSDS# source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Core.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.pdbbxo source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000797000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: PresentationFramework.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xaml.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: WindowsBase.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: mscorlib.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\user\Desktop\Document for shipping.PDB$y source: Document for shipping.exe, 00000003.00000002.81164074176.00000000004F6000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdbRSDScUN source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: PresentationCore.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xml.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: WindowsBase.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Users\user\Desktop\Document for shipping.PDBad source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb]QF source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xaml.pdbMZ@ source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Document for shipping.exe, 00000003.00000002.81164265279.0000000000753000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xml.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: PresentationCore.ni.pdbRSDS:Ne source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: vk.pdb source: Document for shipping.exe, 00000003.00000002.81164074176.00000000004F6000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: WindowsBase.pdb(|s source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: mscorlib.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: p0C:\Windows\mscorlib.pdb source: Document for shipping.exe, 00000003.00000002.81164074176.00000000004F6000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: PresentationCore.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Xaml.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: C:\Windows\PresentationFramework.pdbpdbork.pdb source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdbn source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.Core.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: \??\C:\Windows\symbols\dll\PresentationFramework.pdbg.D source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdbRSDS] source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: C:\Windows\WindowsBase.pdbpdbase.pdbbQS source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007F0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\WindowsBase.pdb source: Document for shipping.exe, 00000003.00000002.81166811438.0000000004CC0000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.pdbp source: Document for shipping.exe, 00000003.00000002.81164265279.00000000007B2000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: PresentationFramework.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.ni.pdb source: WER52C7.tmp.dmp.6.dr |
Source: |
Binary string: System.Core.ni.pdbRSDS source: WER52C7.tmp.dmp.6.dr |
Source: Document for shipping.exe, --.cs |
.Net Code: _0003 System.Reflection.Assembly.Load(byte[]) |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Memory allocated: 2380000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Memory allocated: 2580000 memory reserve | memory write watch |
Jump to behavior |
Source: C:\Users\user\Desktop\Document for shipping.exe |
Memory allocated: 4580000 memory reserve | memory write watch |
Jump to behavior |
Source: Amcache.hve.6.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.6.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.6.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.2107.4-0\msmpeng.exe |
Source: Amcache.hve.6.dr |
Binary or memory string: MsMpEng.exe |