Source: |
Binary string: System.Xml.ni.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.ni.pdbRSDS source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Configuration.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: KjCBSM7Ukv.exe, 00000000.00000002.1652553493.0000000004160000.00000004.00000800.00020000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1652553493.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1650015728.0000000002609000.00000004.00000800.00020000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1657555936.0000000004430000.00000004.08000000.00040000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1650015728.0000000002650000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: KjCBSM7Ukv.exe, 00000000.00000002.1652553493.0000000004160000.00000004.00000800.00020000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1652553493.00000000040E8000.00000004.00000800.00020000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1650015728.0000000002609000.00000004.00000800.00020000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1657555936.0000000004430000.00000004.08000000.00040000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1650015728.0000000002650000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: System.Configuration.ni.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: protobuf-net.pdbSHA256}Lq source: KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: mscorlib.ni.pdbRSDS source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: protobuf-net.pdb source: KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: System.Configuration.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Xml.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Xml.ni.pdbRSDS# source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: Microsoft.VisualBasic.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Core.ni.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: mscorlib.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Management.ni.pdbRSDSJ< source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.pdbH source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Management.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: mscorlib.ni.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Management.ni.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Core.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Configuration.ni.pdbRSDScUN source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.ni.pdb source: WER40FF.tmp.dmp.4.dr |
Source: |
Binary string: System.Core.ni.pdbRSDS source: WER40FF.tmp.dmp.4.dr |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J |
Source: cvtres.exe, 00000001.00000002.1781695360.000000000304C000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.1781695360.000000000305C000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.1781695360.0000000003064000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.00000000026F8000.00000004.00000800.00020000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1650015728.00000000026E3000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.1780455840.0000000000402000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: cvtres.exe, 00000001.00000002.1780735464.000000000136A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hosting6 |
Source: cvtres.exe, 00000001.00000002.1780735464.000000000136A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com/line/?fields=hostingy |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://ocsp.digicert.com0H |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://ocsp.digicert.com0I |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.00000000023E1000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000001.00000002.1781695360.000000000304C000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Amcache.hve.4.dr |
String found in binary or memory: http://upx.sf.net |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: https://discord.com/ |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: https://discord.com/# |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: https://discord.com/2 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: https://discord.com/6 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: https://discord.com/9 |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: https://discord.com/: |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-net |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-netJ |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-neti |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/11564914/23354; |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.00000000026F8000.00000004.00000800.00020000.00000000.sdmp, KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/14436606/23354 |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/2152978/23354 |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.00000000023E1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://www.file-drop.cc |
Source: KjCBSM7Ukv.exe |
String found in binary or memory: https://www.file-drop.cc/D/6829ab/Fizvmrd.vdf |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.000000000244C000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.00000000026F8000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameXClient69.exe4 vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1658667016.0000000005570000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameBrnuhepyot.dll" vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.000000000295B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclrjit.dllT vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.000000000295B000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1648896271.00000000006EE000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1652553493.00000000037C9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBrnuhepyot.dll" vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1652553493.0000000003EC0000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameBrnuhepyot.dll" vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1652553493.0000000004160000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1652553493.00000000040E8000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.0000000002609000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.00000000026E3000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameXClient69.exe4 vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000000.1628006059.0000000000112000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamedisc.exe^ vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1657555936.0000000004430000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.0000000002650000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1661838396.0000000005A90000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs KjCBSM7Ukv.exe |
Source: KjCBSM7Ukv.exe |
Binary or memory string: OriginalFilenamedisc.exe^ vs KjCBSM7Ukv.exe |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, TaskSecurity.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges() |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, TaskSecurity.cs |
Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule) |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, TaskPrincipal.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, Task.cs |
Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, User.cs |
Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type) |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, TaskSecurity.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges() |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, TaskSecurity.cs |
Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule) |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, Task.cs |
Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, User.cs |
Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type) |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, TaskFolder.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, TaskFolder.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, TaskSecurity.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges() |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, TaskSecurity.cs |
Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule) |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, TaskPrincipal.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 0.2.KjCBSM7Ukv.exe.276bd60.1.raw.unpack, Lof5uhYcyFa0fioPYjKPe99cqLRTqzxK8RWKufv2mhMg2yKOdlgd1RBJbAkO4QLvObNqtKI8efoDiLDVG14Z07NKOIjFM.cs |
Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: 0.2.KjCBSM7Ukv.exe.276bd60.1.raw.unpack, Lof5uhYcyFa0fioPYjKPe99cqLRTqzxK8RWKufv2mhMg2yKOdlgd1RBJbAkO4QLvObNqtKI8efoDiLDVG14Z07NKOIjFM.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, Task.cs |
Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, TaskFolder.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, TaskPrincipal.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, User.cs |
Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type) |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: amsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: rasapi32.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: rasman.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: rtutils.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: winhttp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: winnsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Section loaded: fwpuclnt.dll |
Source: KjCBSM7Ukv.exe, Program.cs |
.Net Code: PerformComplexCalculation System.AppDomain.Load(byte[]) |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
Source: 0.2.KjCBSM7Ukv.exe.41602b8.7.raw.unpack, XmlSerializationHelper.cs |
.Net Code: ReadObjectProperties |
Source: 0.2.KjCBSM7Ukv.exe.5a90000.13.raw.unpack, TypeModel.cs |
.Net Code: TryDeserializeList |
Source: 0.2.KjCBSM7Ukv.exe.5a90000.13.raw.unpack, ListDecorator.cs |
.Net Code: Read |
Source: 0.2.KjCBSM7Ukv.exe.5a90000.13.raw.unpack, TypeSerializer.cs |
.Net Code: CreateInstance |
Source: 0.2.KjCBSM7Ukv.exe.5a90000.13.raw.unpack, TypeSerializer.cs |
.Net Code: EmitCreateInstance |
Source: 0.2.KjCBSM7Ukv.exe.5a90000.13.raw.unpack, TypeSerializer.cs |
.Net Code: EmitCreateIfNull |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
Source: 0.2.KjCBSM7Ukv.exe.4110298.6.raw.unpack, XmlSerializationHelper.cs |
.Net Code: ReadObjectProperties |
Source: 0.2.KjCBSM7Ukv.exe.276bd60.1.raw.unpack, 5wiSm7EBxTiBGFt8wGsQtht05lGypg973Cwdja1k8SQ7eYKeLIebuVUnvH5O81s6OtAntxFmjFw4gZzvtN6yzBZyRxuCw.cs |
.Net Code: RoOwIgv14BDSo8hGtE9pEEFolIBstnU9h01jfvlBjC3VQm6mOJgWIQpjGZz9g80svnJ4fJiI7bG7Qp0h8LjfMR3JVOZ8Q System.AppDomain.Load(byte[]) |
Source: 0.2.KjCBSM7Ukv.exe.276bd60.1.raw.unpack, 5wiSm7EBxTiBGFt8wGsQtht05lGypg973Cwdja1k8SQ7eYKeLIebuVUnvH5O81s6OtAntxFmjFw4gZzvtN6yzBZyRxuCw.cs |
.Net Code: kn96RDglqorjf7OGrgep9jqrEo1y4IgqRA9YHkWPq9Ekr4zVOsaQ0HaxE5H8iaPg2FykMDjnnaHO2EI2K5hldnsFFSAuN System.AppDomain.Load(byte[]) |
Source: 0.2.KjCBSM7Ukv.exe.276bd60.1.raw.unpack, 5wiSm7EBxTiBGFt8wGsQtht05lGypg973Cwdja1k8SQ7eYKeLIebuVUnvH5O81s6OtAntxFmjFw4gZzvtN6yzBZyRxuCw.cs |
.Net Code: kn96RDglqorjf7OGrgep9jqrEo1y4IgqRA9YHkWPq9Ekr4zVOsaQ0HaxE5H8iaPg2FykMDjnnaHO2EI2K5hldnsFFSAuN |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
Source: 0.2.KjCBSM7Ukv.exe.4430000.10.raw.unpack, XmlSerializationHelper.cs |
.Net Code: ReadObjectProperties |
Source: 0.2.KjCBSM7Ukv.exe.276bd60.1.raw.unpack, spIgdAVKzYKo3gxf35lM9RbEUi3MbpZ0iN4U4EiA4c6ZYFvFA5acMsAsK35OXv55Fwr1R3tXMeVnX2.cs |
High entropy of concatenated method names: 'Ii4604e1aF6Pmp4xImMcZ8PMKyRJI9D6a3VKfhSWRoLouAz0Q8xa9sbER8iIYcSsu2OlU2oSmgg3Iv', 'GFSr5uvITDVIGWNdzKSjDNGAO5wWBZgBGyh3jJJK2EQkvCQB9gJNj2m53PupdkPBHzaMZBTcDJHG8G', 's7NEjslk17WSVL5yDBlcmn6itFjgFU19ql7Fi9gxoIXZKpbpalY50ZKe0MtqNhdVp9PZYm4jzJQRCm', 'rzVQXXgtq4PAhccyWUx7D', 'PSVwohbSHrh5WSLjPI9ej', 'YKIFgPJaSWNwbuxPhAmyS', 'uUWoFH4xYPbaN4R9FdF2E', 'ozryzmNgkB626nzKc7X1o', 'Ef2AkmRRyVaOyFvPx5J6b', 'VhRcstUTM0kosdfogxonO' |
Source: 0.2.KjCBSM7Ukv.exe.276bd60.1.raw.unpack, BmbcNrp9UKDIVUXMDLIMRgdU6CWuOqCWzbQECkn78bNMFxwsPPgnTiGV9WQ7Tb6xuGgbkHFaCFja9nJFqeUQwrunePyOH.cs |
High entropy of concatenated method names: 'CAFZozUzf9Zd9t63w0xWiFi6yZQEPZxaKSXIcDbF9lbpVMk18EtdZZjPXR0ECx9wYCkxmag8iQ7epV', 'iuj4zxKbRI10MRD9RzKMsQJ5T7z2h9d96xVcHrrO4ebpdq0YKA5IGZlWcCa1rqEtAbv7HXwaXmBY0F', 'MWYeSkfnK6mrCQoOnzgmvfWxzkBef4zopZtq5A6KuE3NON6GvTxhVrbRnH7HsboJ5zlKltmLXupcqh', 'UBD34Awc8fXqRYB4vgJIeYcOuj7L5aDcphLVmd8DQirXQj3dT76fGGtqNQvANuy3ZIDum0baCXr5NV' |
Source: 0.2.KjCBSM7Ukv.exe.276bd60.1.raw.unpack, qvVlJlZDr0Sny4F1G7zPVbAP6Rrup8xZYlnUw9SkLn7CMt6IUnuWp6Hlhn2GZuG8uejZTQ08XJnq0FTTSkW9BF857pvsL.cs |
High entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', 'LA7BoHfi5DwtTjPwOvozPPVSvTHG3Pl41hqOjU3wSK6ALraDQFm89fjn88oNfJEHSWMzH4t5Crm9hm', 'cQJSs6ZpsufvX3nQkVi2ZVVnsgPooYAAXZ3IAezqIhVACF4jaoeUQ4zlwkbyULrUB7D8uM8ZilRUUZ', 'fY8CCoJmq5u9nNULOwBcbWL3erX2angSLNECZpI8VKYEdkkI9kfe8qtxBHnGtKtWdX6H2X0N5umKdE', 'TJTPCBfsp0vqUuAGUPTeIkBdFCYRVaK7d5GEIYJLJb5NIcKSYVcaiFc0n5TyOLEbiOZz4OIa5JQFz9' |
Source: C:\Users\user\Desktop\KjCBSM7Ukv.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: cvtres.exe, 00000001.00000002.1780735464.000000000139F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.4.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.4.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1648896271.0000000000728000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll* |
Source: Amcache.hve.4.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.4.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.syshbin` |
Source: cvtres.exe, 00000001.00000002.1781695360.0000000002FD9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmware |
Source: Amcache.hve.4.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware20,1 |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.0000000002650000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.4.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.4.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.4.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: KjCBSM7Ukv.exe, 00000000.00000002.1650015728.0000000002650000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: model0Microsoft|VMWare|Virtual |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.4.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.4.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.4.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |