Source: http://pesterbdd.com/images/Pester.png |
URL Reputation: Label: malware |
Source: QR Code extractor |
URL: http:// |
Source: InmateExport.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: unknown |
HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49724 version: TLS 1.0 |
Source: unknown |
HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49718 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49720 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.5:49722 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.5:49728 version: TLS 1.2 |
Source: InmateExport.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: InmateExport.exe, 00000000.00000002.3877711762.000000001CFEF000.00000004.00000010.00020000.00000000.sdmp |
Binary string: C:\Windows\Microsoft.Net\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.pdb |
Source: InmateExport.exe, 00000000.00000002.3877711762.000000001CFEF000.00000004.00000010.00020000.00000000.sdmp |
Binary string: PresentationCore.pdbonCore.pdbpdbore.pdbsentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.pdb |
Source: InmateExport.exe, 00000000.00000002.3877711762.000000001CFEF000.00000004.00000010.00020000.00000000.sdmp |
Binary string: @C:\Windows\PresentationCore.pdb |
Source: InmateExport.exe, 00000000.00000002.3877711762.000000001CFEF000.00000004.00000010.00020000.00000000.sdmp |
Binary string: symbols\dll\PresentationCore.pdbmation` |
Source: InmateExport.exe, 00000000.00000002.3877711762.000000001CFEF000.00000004.00000010.00020000.00000000.sdmp |
Binary string: PresentationCore.pdbj |
Source: InmateExport.exe, 00000000.00000002.3877711762.000000001CFEF000.00000004.00000010.00020000.00000000.sdmp |
Binary string: PresentationCore.pdb |
Source: InmateExport.exe, 00000000.00000002.3878140712.000000001FA94000.00000004.00000020.00020000.00000000.sdmp |
Binary string: ws\System.Management.Automation.pdbpdb |
Source: Joe Sandbox View |
IP Address: 239.255.255.250 |
Source: Joe Sandbox View |
JA3 fingerprint: 1138de370e523e824bbca92d049a3777 |
Source: Joe Sandbox View |
JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.1.237.91 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 23.204.76.112 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 52.165.165.26 |
Source: global traffic |
HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |
Source: global traffic |
HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGLnsrrEGIjB1A5lMzAj7FM0IL6VyuLTZpbdu_xzXLz1UAK55X4ooHkpyrcCzZTXSkwTXgYW3TjQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-14; NID=513=V30X4ZlZw1ok9MO-WSMqx9ECR5lRuBPmmki6L1IhSYfhiXyQnjpRnrO5HkXaKEC43Vmcdi_572l_6XUw56bMY7GH52ONQOkhpA_0b9irshXRMed9AlB_4wY7CPKgo7Abh_DsAGiRx1eounLQH2hCk5I7iVcM0rvLjKhYnzvUqHA |
Source: global traffic |
HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGLnsrrEGIjB_vNXGEgS9wJOhWFsE_iSQf_VNStHm5XAaXmLVbZR8megKDZAIxcSH_CsuRT25tegyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-14; NID=513=nAvg1gzfyxqGn7ataqVgIyxR50yYQag6YoLztpCSefUsBli0fhphHb7ob1BQMlrUVDUBXGeO7g8Eu00af6LmS27in-EaP7lSfx-LHWlmQ3-Z4Vw9SG8tcBMABihmh4NW3Y4jPumKeUdWL87uuJe9_97dHy4bOIU638Adpq_WMxQ |
Source: global traffic |
HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=VHPslDFKE8cb8+u&MD=lRk+fS1E HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=VHPslDFKE8cb8+u&MD=lRk+fS1E HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com |
Source: global traffic |
DNS traffic detected: DNS query: www.google.com |
Source: unknown |
HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714140709004&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF |
Source: InmateExport.exe, 00000000.00000002.3878140712.000000001F9E4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.m |
Source: InmateExport.exe, 00000000.00000002.3870633777.000000001258F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: InmateExport.exe, 00000000.00000002.3863543056.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: InmateExport.exe, 00000000.00000002.3863543056.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: InmateExport.exe, 00000000.00000002.3863543056.00000000024D1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: InmateExport.exe, 00000000.00000002.3863543056.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: InmateExport.exe, 00000000.00000002.3863543056.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: InmateExport.exe, 00000000.00000002.3863543056.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/winsvr-2022-pshelp |
Source: InmateExport.exe, 00000000.00000002.3870633777.000000001258F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: InmateExport.exe, 00000000.00000002.3870633777.000000001258F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: InmateExport.exe, 00000000.00000002.3870633777.000000001258F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: InmateExport.exe, 00000000.00000002.3863543056.0000000002CF3000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: InmateExport.exe, 00000000.00000002.3870633777.000000001258F000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: unknown |
Network traffic detected: HTTP traffic on port 49674 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49708 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49722 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49710 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49720 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49712 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49720 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49722 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49718 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49715 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49715 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49712 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49734 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49709 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49675 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49710 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49734 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49673 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49707 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49730 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49730 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49703 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49724 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49728 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49709 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49708 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49707 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49728 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49703 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49718 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49724 |
Source: C:\Users\user\Desktop\InmateExport.exe |
Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security |
Source: C:\Users\user\Desktop\InmateExport.exe |
Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System |
Source: C:\Users\user\Desktop\InmateExport.exe |
Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell |
Source: InmateExport.exe, MainApp.cs |
Long String: Length: 50004 |
Source: C:\Users\user\Desktop\InmateExport.exe |
Code function: 0_2_00007FF848F209B2 |
Source: C:\Users\user\Desktop\InmateExport.exe |
Code function: 0_2_00007FF848F2E84A |
Source: C:\Users\user\Desktop\InmateExport.exe |
Code function: 0_2_00007FF848F30F38 |
Source: C:\Users\user\Desktop\InmateExport.exe |
Code function: 0_2_00007FF848FFAE1E |
Source: C:\Users\user\Desktop\InmateExport.exe |
Code function: 0_2_00007FF848FF9CA0 |
Source: C:\Users\user\Desktop\InmateExport.exe |
Code function: 0_2_00007FF8493A2C34 |
Source: InmateExport.exe, 00000000.00000002.3863543056.000000000253C000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFileName vs InmateExport.exe |
Source: InmateExport.exe, 00000000.00000002.3863543056.00000000024D1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs InmateExport.exe |
Source: InmateExport.exe, MainApp.cs |
Base64 encoded string: |