Windows Analysis Report
starwindconverter.exe

Overview

General Information

Sample name: starwindconverter.exe
Analysis ID: 1432220
MD5: f9545db50cc40988b62b49ffce2874be
SHA1: 12af954da045061b75c15322fa6f761bab09a787
SHA256: 3018ec56677e92e472fad392c390b606b9e8c93927766a900ab808e9e791882a
Infos:

Detection

Score: 11
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 53
Range: 0 - 100

Signatures

Checks for available system drives (often done to infect USB drives)
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: New Kernel Driver Via SC.EXE
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007F7378 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext, 14_2_007F7378
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007D8101 CryptHashPublicKeyInfo,GetLastError, 14_2_007D8101
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007D8386 DecryptFileW, 14_2_007D8386
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007D7E2A _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust, 14_2_007D7E2A
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A88386 DecryptFileW, 26_2_00A88386
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A88101 CryptHashPublicKeyInfo,GetLastError, 26_2_00A88101
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00AA7378 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext, 26_2_00AA7378
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A87E2A _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust, 26_2_00A87E2A
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DC8281 _memset,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust, 28_2_00DC8281
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DE7C27 _memset,CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,ReadFile,CryptHashData,ReadFile,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext, 28_2_00DE7C27
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DC8558 CryptHashPublicKeyInfo,GetLastError, 28_2_00DC8558
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DC86D9 DecryptFileW, 28_2_00DC86D9

Compliance
barindex
Uses 32bit PE files
Source: starwindconverter.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Licensee is subject to the terms and conditions of this Agreement whether Licensee accesses or obtains Free Software directly from https://www.starwindsoftware.com/ or through any other source. By Using installing and/or Operating Free Software Licensee agrees to be bound by the terms of this Agreement. LICENSEE WILL HAVE THE OPPORTUNITY TO ACCEPT THIS OFFER OF AGREEMENT THROUGH A CLICK-THROUGH PROCEDURE. IF LICENSEE DOES NOT WISH TO ACCEPT THE TERMS OF THIS AGREEMENT AND/OR TO DECLINE THIS AGREEMENT LICENSEE SHALL NOT USE INSTALL OR OPERATE THE FREE SOFTWARE. IF LICENSEE CHOOSES TO ACCEPT THE TERMS OF THIS AGREEMENT LICENSEE MAY DO SO BY CHECKING I AGREE USING THE DESIGNATED CHECK BOX LICENSEES CLICK OF THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON IS A SYMBOL OF LICENSEES SIGNATURE AND BY CLICKING ON THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON LICENSEE CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT AND AGREES THAT THIS AGREEMENT IS ENFORCEABLE AGAINST LICENSEE PURSUANT TO ITS TERMS TO THE SAME EXTENT AS ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY LICENSEE. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT THEN LICENSEE SHOULD NOT OPERATE THE FREE SOFTWARE AND LICENSEE WILL NOT BE ALLOWED TO USE INSTALL OR OPERATE THE FREE SOFTWARE. FOR AVOIDANCE OF DOUBT AND NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN STARWIND RESERVES THE RIGHT TO REFUSE ACCEPTING THIS AGREEMENT AND NOT TO PROVIDE LICENSEE WITH THE RIGHT TO USE INSTALL OR OPERATE THE FREE SOFTWARE AS CONTEMPLATED HEREUNDER FOR ANY REASON OR NO REASON.Definitions. Each of the expressions indicated below will have in this Agreement the meaning assigned to it namely:Affiliate shall mean with respect to a given Person any person or entity which directly or indirectly controls is controlled by or is under common control with the given Person; control (including with its correlative meanings controlled by and under common control with) means possession directly or indirectly of the power to direct or cause the direction of management or policies (whether through ownership of securities or partnership or other ownership interests by contract or otherwise).Confidential Information shall mean any information Free Software document or other material of any nature relating to or concerning StarWind or Licensee and/or their Affiliates that is provided or made available to receiving Party either before or after the Effective Date directly or indirectly in any form whatsoever including in writing orally and machine readable and including but not be limited to any correspondence memoranda notes e-mails formulas samples equipment compilations blueprints business information technical information know-how information regarding patents patent applicati
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Licensee is subject to the terms and conditions of this Agreement whether Licensee accesses or obtains Free Software directly from https://www.starwindsoftware.com/ or through any other source. By Using installing and/or Operating Free Software Licensee agrees to be bound by the terms of this Agreement. LICENSEE WILL HAVE THE OPPORTUNITY TO ACCEPT THIS OFFER OF AGREEMENT THROUGH A CLICK-THROUGH PROCEDURE. IF LICENSEE DOES NOT WISH TO ACCEPT THE TERMS OF THIS AGREEMENT AND/OR TO DECLINE THIS AGREEMENT LICENSEE SHALL NOT USE INSTALL OR OPERATE THE FREE SOFTWARE. IF LICENSEE CHOOSES TO ACCEPT THE TERMS OF THIS AGREEMENT LICENSEE MAY DO SO BY CHECKING I AGREE USING THE DESIGNATED CHECK BOX LICENSEES CLICK OF THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON IS A SYMBOL OF LICENSEES SIGNATURE AND BY CLICKING ON THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON LICENSEE CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT AND AGREES THAT THIS AGREEMENT IS ENFORCEABLE AGAINST LICENSEE PURSUANT TO ITS TERMS TO THE SAME EXTENT AS ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY LICENSEE. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT THEN LICENSEE SHOULD NOT OPERATE THE FREE SOFTWARE AND LICENSEE WILL NOT BE ALLOWED TO USE INSTALL OR OPERATE THE FREE SOFTWARE. FOR AVOIDANCE OF DOUBT AND NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN STARWIND RESERVES THE RIGHT TO REFUSE ACCEPTING THIS AGREEMENT AND NOT TO PROVIDE LICENSEE WITH THE RIGHT TO USE INSTALL OR OPERATE THE FREE SOFTWARE AS CONTEMPLATED HEREUNDER FOR ANY REASON OR NO REASON.Definitions. Each of the expressions indicated below will have in this Agreement the meaning assigned to it namely:Affiliate shall mean with respect to a given Person any person or entity which directly or indirectly controls is controlled by or is under common control with the given Person; control (including with its correlative meanings controlled by and under common control with) means possession directly or indirectly of the power to direct or cause the direction of management or policies (whether through ownership of securities or partnership or other ownership interests by contract or otherwise).Confidential Information shall mean any information Free Software document or other material of any nature relating to or concerning StarWind or Licensee and/or their Affiliates that is provided or made available to receiving Party either before or after the Effective Date directly or indirectly in any form whatsoever including in writing orally and machine readable and including but not be limited to any correspondence memoranda notes e-mails formulas samples equipment compilations blueprints business information technical information know-how information regarding patents patent applicati
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Licensee is subject to the terms and conditions of this Agreement whether Licensee accesses or obtains Free Software directly from https://www.starwindsoftware.com/ or through any other source. By Using installing and/or Operating Free Software Licensee agrees to be bound by the terms of this Agreement. LICENSEE WILL HAVE THE OPPORTUNITY TO ACCEPT THIS OFFER OF AGREEMENT THROUGH A CLICK-THROUGH PROCEDURE. IF LICENSEE DOES NOT WISH TO ACCEPT THE TERMS OF THIS AGREEMENT AND/OR TO DECLINE THIS AGREEMENT LICENSEE SHALL NOT USE INSTALL OR OPERATE THE FREE SOFTWARE. IF LICENSEE CHOOSES TO ACCEPT THE TERMS OF THIS AGREEMENT LICENSEE MAY DO SO BY CHECKING I AGREE USING THE DESIGNATED CHECK BOX LICENSEES CLICK OF THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON IS A SYMBOL OF LICENSEES SIGNATURE AND BY CLICKING ON THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON LICENSEE CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT AND AGREES THAT THIS AGREEMENT IS ENFORCEABLE AGAINST LICENSEE PURSUANT TO ITS TERMS TO THE SAME EXTENT AS ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY LICENSEE. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT THEN LICENSEE SHOULD NOT OPERATE THE FREE SOFTWARE AND LICENSEE WILL NOT BE ALLOWED TO USE INSTALL OR OPERATE THE FREE SOFTWARE. FOR AVOIDANCE OF DOUBT AND NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN STARWIND RESERVES THE RIGHT TO REFUSE ACCEPTING THIS AGREEMENT AND NOT TO PROVIDE LICENSEE WITH THE RIGHT TO USE INSTALL OR OPERATE THE FREE SOFTWARE AS CONTEMPLATED HEREUNDER FOR ANY REASON OR NO REASON.Definitions. Each of the expressions indicated below will have in this Agreement the meaning assigned to it namely:Affiliate shall mean with respect to a given Person any person or entity which directly or indirectly controls is controlled by or is under common control with the given Person; control (including with its correlative meanings controlled by and under common control with) means possession directly or indirectly of the power to direct or cause the direction of management or policies (whether through ownership of securities or partnership or other ownership interests by contract or otherwise).Confidential Information shall mean any information Free Software document or other material of any nature relating to or concerning StarWind or Licensee and/or their Affiliates that is provided or made available to receiving Party either before or after the Effective Date directly or indirectly in any form whatsoever including in writing orally and machine readable and including but not be limited to any correspondence memoranda notes e-mails formulas samples equipment compilations blueprints business information technical information know-how information regarding patents patent applicati
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-OCNA5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-DOD6O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-LA1DS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-DMGAR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-RRJPS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-2T9SC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-NDNT1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-C445H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-PM8AC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-0U75Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-NJRVA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-JTGFU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-9PTPC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-239NR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-UHSSF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-3DPGP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QT18L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QMAR7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-VPH09.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QH72R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QVHTU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-HKUCL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QJJQG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-SRQKS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-OCF30.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-JNOSU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-043UQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-ED59I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-6S65I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-QULGP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-U7152.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-80TNO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-S80ND.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-BHS0U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-MMA8U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-9CMA4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-VUIE8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-G86Q6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-I8RA6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-LQIVE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-H973S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-728T9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-6QBCJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-HGVAF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-FIGM0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-OAJUU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-GCANT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-SN4HU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-NTL6D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-PAU7U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-4G0NR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-I6VGK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-JUSQQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-468L0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-F99S5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-MRML8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-T4VT0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-M84MS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-HQLOK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-FDG2J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\is-03KQM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\is-EOQIC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\unins000.msg Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SystemRestore SRInitDone Jump to behavior
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File created: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\license.rtf Jump to behavior
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe File created: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe File created: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1028\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1029\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1031\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1036\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1040\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1041\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1042\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1045\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1046\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1049\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1055\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\2052\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\3082\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\license.rtf
Source: starwindconverter.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: starwindconverter.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: d:\build\ob\bora-4938387\bora\build\release\p2v\modules\vstor2\amd64\vstor2.pdb source: vstor2-mntapi20-shared.sys.6.dr
Source: Binary string: D:\build\ob\bora-13861102\bora\build\scons\build\LIBRARIES\vmacore\win64\release\vmacore.pdb source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdbH source: vcredist_x64.exe, 0000001B.00000002.3025002722.000000006C6D5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\build\ob\bora-6437881\cayman_pcre\build\release\win64_vc120\pcre\build\Release\pcre.pdb source: is-728T9.tmp.1.dr
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixDepCA.pdb source: vc_redist.x64.130.exe, 0000000E.00000003.2567281053.0000000000A70000.00000004.00000020.00020000.00000000.sdmp, vc_redist.x64.130.exe, 0000000E.00000003.2569148419.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, 64f25b.msi.22.dr
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb source: vc_redist.x64.130.exe, 0000000E.00000003.2566575331.0000000000A57000.00000004.00000020.00020000.00000000.sdmp, vc_redist.x64.130.exe, 0000000E.00000002.2659285084.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000E.00000000.2310506729.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000F.00000002.2695158245.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000F.00000000.2312377149.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vcredist_x64.exe, 0000001A.00000002.2706467527.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001A.00000000.2695000937.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001B.00000002.3017994106.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001B.00000000.2699885293.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vc_redist.x64.140.exe, 0000001C.00000000.2700767939.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001C.00000002.2739200058.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001D.00000000.2705924171.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001D.00000002.2741446991.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, is-03KQM.tmp.1.dr
Source: Binary string: D:\build\ob\bora-6437881\cayman_pcre\build\release\win64_vc120\pcre\build\Release\pcre.pdb"" source: is-728T9.tmp.1.dr
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@E source: vc_redist.x64.130.exe, 0000000E.00000003.2566575331.0000000000A57000.00000004.00000020.00020000.00000000.sdmp, is-03KQM.tmp.1.dr
Source: Binary string: d:\build\ob\bora-13861102\bora\build\release-x64\apps\vmware-vdiskmanager\vmware-vdiskmanager.pdb source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\build\ob\bora-13861102\bora\build\scons\build\LIBRARIES\vmomi\win64\release\vmomi.pdb source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\build\ob\bora-13861102\bora\build\release-x64\apps\vmware-vdiskmanager\vmware-vdiskmanager.pdb source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdb source: vcredist_x64.exe, 0000001B.00000002.3025002722.000000006C6D5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\build\ob\bora-12677144\cayman_openssl\build\release\win64_vc90sp1\openssl\build\out32dll\libeay32.pdb source: is-VUIE8.tmp.1.dr
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@ source: vc_redist.x64.130.exe, 0000000E.00000002.2659285084.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000E.00000000.2310506729.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000F.00000002.2695158245.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000F.00000000.2312377149.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vcredist_x64.exe, 0000001A.00000002.2706467527.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001A.00000000.2695000937.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001B.00000002.3017994106.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001B.00000000.2699885293.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb` source: vc_redist.x64.140.exe, 0000001C.00000000.2700767939.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001C.00000002.2739200058.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001D.00000000.2705924171.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001D.00000002.2741446991.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Projects\aws\sdk_build\bin\Release\aws-cpp-sdk-s3.pdb source: is-9PTPC.tmp.1.dr
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\svchost.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00476120 FindFirstFileA,FindNextFileA,FindClose, 1_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004531A4 FindFirstFileA,GetLastError, 1_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00463344 FindFirstFileA,FindNextFileA,FindClose, 1_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 1_2_0049998C
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007D8BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 14_2_007D8BE8
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007F66A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 14_2_007F66A3
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007F5710 _memset,FindFirstFileW,FindClose, 14_2_007F5710
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00AA66A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 26_2_00AA66A3
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A88BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 26_2_00A88BE8
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00AA5710 _memset,FindFirstFileW,FindClose, 26_2_00AA5710
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 27_2_6C6CA685 _memset,FindFirstFileW,FindClose, 27_2_6C6CA685
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DE6D15 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 28_2_00DE6D15
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DE5D81 _memset,FindFirstFileW,FindClose, 28_2_00DE5D81
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DC8E6E _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 28_2_00DC8E6E
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64 Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532 Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\NULL Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL Jump to behavior
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007E6994 InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError, 14_2_007E6994
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BreXLoZztbAKvXo&MD=CkxPD1Rx HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=BreXLoZztbAKvXo&MD=CkxPD1Rx HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGM-ar7EGIjDPDwLUDTsFOtyhKJAT5DyNT4-JYGy8AQvI_i61IsKnO-HCW4ZF9DcmjkgW5xqtABsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=kE4w8jVXQIKRBgnq2rSSuaeuj3V2oSTKpqDMdDROtfpQ8ynJq8dNWPI6cgFo4Z4M0m5JoqPofUAZ9lJDVPiOjdefNwcwKWrDPalqZGUDc-424T0yhgswfw6_8_P82oXXUD2LaGrnzZFPtUD6RmGvm8o3nBadhzqNR5DdgtcTsGI
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGM-ar7EGIjAqkOFqfrWsUuYYc-cHY4mS2DMqZX8MiAbTgaXolWeyzV_Jwf75R-0hkajKDO7EEd0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiSocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-26-15; NID=513=kE4w8jVXQIKRBgnq2rSSuaeuj3V2oSTKpqDMdDROtfpQ8ynJq8dNWPI6cgFo4Z4M0m5JoqPofUAZ9lJDVPiOjdefNwcwKWrDPalqZGUDc-424T0yhgswfw6_8_P82oXXUD2LaGrnzZFPtUD6RmGvm8o3nBadhzqNR5DdgtcTsGI
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A4109000CC6X-BM-CBT: 1696420817X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 60X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: 0912CF9094994CFA88DE52C6FB19D4E1X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A4109000CC6X-MSEdge-ExternalExp: bfbwsbrs0830tf,d-thshldspcl40,msbdsborgv2co,msbwdsbi920t1,spofglclicksh-c2,webtophit0r_t,wsbmsaqfuxtc,wsbqfasmsall_t,wsbqfminiserp400,wsbref-tX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2236Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=6666694284484FA1B35CCB433D42E997; _SS=SID=193A581F83766B4319784BBF829B6A16&CPID=1696420820117&AC=1&CPH=e5c79613&CBV=39942242; _EDGE_S=SID=193A581F83766B4319784BBF829B6A16; SRCHUID=V=2&GUID=BA43D82178364AEA9C1EE6C32BE93416&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231003; SRCHHPGUSR=SRCHLANG=en&LUT=1696420817741&IPMH=425591ef&IPMID=1696420817913&HV=1696417346; ANON=A=6D8F9DF00282E660E425530EFFFFFFFF; CortanaAppUID=4C9C2B2D0465FD7A42C74C7E93CFB630; MUIDB=6666694284484FA1B35CCB433D42E997
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: is-728T9.tmp.1.dr String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0X
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: svchost.exe, 00000018.00000002.3027194417.0000023D4CA82000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.ver)
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CC68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CC68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CC68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CC68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CC68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CC68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CC9D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CD57000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://ocsp.thawte.com0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://s2.symcb.com0
Source: is-9PTPC.tmp.1.dr String found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/Body
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/Envelope
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/HeaderBody
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/http://docs.oasis-open.org/wss:stringmustUnderstandxsi
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://sf.symcb.com/sf.crl0a
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://sf.symcb.com/sf.crt0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://sf.symcd.com0&
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: is-728T9.tmp.1.dr String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://sv.symcd.com0&
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: vc_redist.x64.130.exe, 0000000F.00000003.2658901479.00000000034A0000.00000004.00000020.00020000.00000000.sdmp, vc_redist.x64.130.exe, 0000000F.00000003.2315287938.000000000148D000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64.exe, 0000001B.00000003.2701655658.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp, vcredist_x64.exe, 0000001B.00000002.3022940702.0000000002DA0000.00000004.00000020.00020000.00000000.sdmp, vc_redist.x64.140.exe, 0000001D.00000003.2734949955.0000000002EDC000.00000004.00000800.00020000.00000000.sdmp, vc_redist.x64.140.exe, 0000001D.00000003.2737279519.0000000000B20000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010
Source: vc_redist.x64.130.exe, 0000000F.00000003.2658174562.0000000003A7B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 0000001B.00000002.3023884477.0000000003140000.00000004.00000800.00020000.00000000.sdmp, vc_redist.x64.140.exe, 0000001D.00000003.2734949955.0000000002EDC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010(
Source: vc_redist.x64.130.exe, 0000000F.00000003.2658174562.0000000003A7B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 0000001B.00000002.3023884477.0000000003140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010and
Source: vc_redist.x64.130.exe, 0000000F.00000003.2658174562.0000000003A7B000.00000004.00000800.00020000.00000000.sdmp, vcredist_x64.exe, 0000001B.00000002.3023884477.0000000003140000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wixtoolset.org/schemas/thmutil/2010lureH
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: starwindconverter.tmp, starwindconverter.tmp, 00000001.00000002.2810735169.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.innosetup.com/
Source: starwindconverter.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: starwindconverter.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: is-VUIE8.tmp.1.dr String found in binary or memory: http://www.openssl.org/V
Source: is-VUIE8.tmp.1.dr String found in binary or memory: http://www.openssl.org/support/faq.html
Source: is-VUIE8.tmp.1.dr String found in binary or memory: http://www.openssl.org/support/faq.html.
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, starwindconverter.tmp, 00000001.00000002.2810735169.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.remobjects.com/ps
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000002.2810735169.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: http://www.remobjects.com/psU
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://www.symauth.com/cps0(
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://www.symauth.com/rpa00
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://www.vmware.com/0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: http://www.vmware.com/0/
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1647
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CD12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CD6A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CD12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CCF3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.2693608492.0000023D4CD44000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.2693608492.0000023D4CD57000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000018.00000003.2693608492.0000023D4CD38000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CD12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CD12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 00000018.00000003.2693608492.0000023D4CCA6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: https://www.globalsign.com/repository/0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp, vstor2-mntapi20-shared.sys.6.dr, is-VUIE8.tmp.1.dr, is-728T9.tmp.1.dr String found in binary or memory: https://www.globalsign.com/repository/06
Source: starwindconverter.tmp, 00000001.00000003.1733811204.00000000022B8000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2809369381.00000000005F3000.00000004.00000020.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000002.2811349521.0000000000605000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/
Source: starwindconverter.exe, 00000000.00000003.1731798053.0000000002370000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.1733720466.0000000003280000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com//
Source: starwindconverter.exe, 00000000.00000003.1731871484.00000000020C1000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.2812692493.00000000020C1000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2810139887.00000000022B8000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.1733811204.00000000022B8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/:
Source: starwindconverter.tmp, 00000001.00000002.2811101281.00000000005BF000.00000004.00000020.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2809811649.00000000005BC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/NT
Source: starwindconverter.tmp, 00000001.00000002.2811349521.0000000000605000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/download-free-tools
Source: starwindconverter.tmp, 00000001.00000002.2811101281.00000000005BF000.00000004.00000020.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2809811649.00000000005BC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/lT
Source: starwindconverter.tmp, 00000001.00000003.1733811204.00000000022B8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/privacy-policy
Source: starwindconverter.tmp, 00000001.00000003.2809040291.0000000000610000.00000004.00000020.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000002.2812251955.0000000003591000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/privacy-policy.
Source: starwindconverter.tmp, 00000001.00000003.1733811204.00000000022B8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/starwind-nfr-license-users
Source: starwindconverter.tmp, 00000001.00000003.2257418551.00000000035AC000.00000004.00000020.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.1742998627.0000000000623000.00000004.00000020.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2809040291.0000000000610000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/starwind-nfr-license-users.
Source: starwindconverter.tmp, 00000001.00000003.1733811204.00000000022B8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/terms
Source: starwindconverter.tmp, 00000001.00000003.1733720466.0000000003280000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.1733811204.00000000022B8000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000002.2811419131.0000000000661000.00000004.00000020.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2808958826.000000000065F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/v2v-help/
Source: starwindconverter.exe, 00000000.00000003.1731871484.00000000020C1000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.exe, 00000000.00000003.2812692493.00000000020C1000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.2810139887.00000000022B8000.00000004.00001000.00020000.00000000.sdmp, starwindconverter.tmp, 00000001.00000003.1733811204.00000000022B8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.starwindsoftware.com/v2v-help/2
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 173.222.162.32:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49738 version: TLS 1.2
Drops certificate files (DER)
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\vstor2.cat (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-HQLOK.tmp Jump to dropped file
Contains functionality to call native functions
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00423FD4 NtdllDefWindowProc_A, 1_2_00423FD4
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00412A28 NtdllDefWindowProc_A, 1_2_00412A28
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0042F9C0 NtdllDefWindowProc_A, 1_2_0042F9C0
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00479D08 NtdllDefWindowProc_A, 1_2_00479D08
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00457D90 PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A, 1_2_00457D90
Contains functionality to communicate with device drivers
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0042ED84: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError, 1_2_0042ED84
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_004098E8
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 1_2_00455D80
Creates driver files
Source: C:\Windows\System32\cmd.exe File created: C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys Jump to behavior
Creates files inside the driver directory
Source: C:\Windows\System32\cmd.exe File created: C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys Jump to behavior
Creates files inside the system directory
Source: C:\Windows\System32\cmd.exe File created: C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\64f258.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF594.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\vcamp120.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\vcomp120.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\64f25b.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\64f25b.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\64f25c.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{929FBD26-9020-399B-9A7A-751D61F0B942}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF97D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120chs.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120cht.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120deu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120enu.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120esn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120fra.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120ita.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120jpn.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120kor.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\system32\mfc120rus.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\64f25f.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\64f25f.msi
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Deletes files inside the Windows folder
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\64f25b.msi
Detected potential crypto function
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_00408888 0_2_00408888
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00468034 1_2_00468034
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00471688 1_2_00471688
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00488030 1_2_00488030
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0046A088 1_2_0046A088
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00452100 1_2_00452100
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0043E1F0 1_2_0043E1F0
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004307FC 1_2_004307FC
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00444968 1_2_00444968
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00434A64 1_2_00434A64
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00444F10 1_2_00444F10
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00488F90 1_2_00488F90
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00431388 1_2_00431388
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00445608 1_2_00445608
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0048F6BC 1_2_0048F6BC
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00435768 1_2_00435768
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0045F8C0 1_2_0045F8C0
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0045B970 1_2_0045B970
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00445A14 1_2_00445A14
Found potential string decryption / allocating functions
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: String function: 007F540B appears 73 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: String function: 007EF6A2 appears 35 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: String function: 007F294E appears 460 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: String function: 007EFA86 appears 653 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: String function: 007F177A appears 60 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: String function: 00DE2F68 appears 462 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: String function: 00DDFD12 appears 35 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: String function: 00DE5A7C appears 73 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: String function: 00DE1D94 appears 59 times
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: String function: 00DE00F7 appears 655 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00446274 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 0040596C appears 114 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00453AAC appears 97 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 0043497C appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00458718 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00403400 appears 62 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 0040905C appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00407D44 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00446544 appears 58 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 0045850C appears 100 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00403494 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 0040357C appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00406F14 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: String function: 00403684 appears 229 times
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: String function: 6C6CAFD3 appears 31 times
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: String function: 00AA177A appears 60 times
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: String function: 00A9F6A2 appears 35 times
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: String function: 00A9FA86 appears 653 times
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: String function: 00AA294E appears 460 times
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: String function: 00AA540B appears 73 times
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: String function: 6C6C10E3 appears 70 times
PE file contains executable resources (Code or Archives)
Source: starwindconverter.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: starwindconverter.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: starwindconverter.tmp.0.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
Source: is-OCNA5.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-OCNA5.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-OCNA5.tmp.1.dr Static PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
PE file does not import any functions
Source: mfc120kor.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120cht.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120enu.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120ita.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120rus.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120deu.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120jpn.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120fra.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120chs.dll.22.dr Static PE information: No import functions for PE file found
Source: mfc120esn.dll.22.dr Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: starwindconverter.exe, 00000000.00000003.1732467657.0000000002370000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs starwindconverter.exe
Source: starwindconverter.exe, 00000000.00000003.1732292101.0000000002470000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs starwindconverter.exe
Uses 32bit PE files
Source: starwindconverter.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: mfc120kor.dll.22.dr Static PE information: Section .rsrc
Source: mfc120cht.dll.22.dr Static PE information: Section .rsrc
Source: mfc120enu.dll.22.dr Static PE information: Section .rsrc
Source: mfc120ita.dll.22.dr Static PE information: Section .rsrc
Source: mfc120rus.dll.22.dr Static PE information: Section .rsrc
Source: mfc120deu.dll.22.dr Static PE information: Section .rsrc
Source: mfc120jpn.dll.22.dr Static PE information: Section .rsrc
Source: mfc120fra.dll.22.dr Static PE information: Section .rsrc
Source: mfc120chs.dll.22.dr Static PE information: Section .rsrc
Source: mfc120esn.dll.22.dr Static PE information: Section .rsrc
Source: vstor2-mntapi20-shared.sys.6.dr Binary string: \DosDevices\%ws\Device\MountPointManager
Source: vstor2-mntapi20-shared.sys.6.dr Binary string: \Device\vstor2
Source: vstor2-mntapi20-shared.sys.6.dr Binary string: \Device\
Source: classification engine Classification label: clean11.evad.winEXE@48/237@2/4
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007EF326 FormatMessageW,GetLastError,LocalFree, 14_2_007EF326
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_004098E8 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 0_2_004098E8
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00455D80 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx, 1_2_00455D80
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007C13BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 14_2_007C13BA
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A713BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 26_2_00A713BA
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DB13BA GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,GetLastError,AdjustTokenPrivileges,GetLastError,Sleep,InitiateSystemShutdownExW,GetLastError,CloseHandle, 28_2_00DB13BA
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004565A8 GetModuleHandleA,GetProcAddress,GetDiskFreeSpaceExA,GetDiskFreeSpaceA, 1_2_004565A8
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007F50CA GetModuleHandleA,GetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CoCreateInstance,ExitProcess, 14_2_007F50CA
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_0040A0D4 FindResourceA,SizeofResource,LoadResource,LockResource, 0_2_0040A0D4
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007DE774 ChangeServiceConfigW,GetLastError, 14_2_007DE774
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2416:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3484:120:WilError_03
Source: C:\Users\user\Desktop\starwindconverter.exe File created: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vstor2install.bat""
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File read: C:\Windows\win.ini Jump to behavior
Source: C:\Users\user\Desktop\starwindconverter.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: vc_redist.x64.130.exe, 0000000E.00000003.2567281053.0000000000A70000.00000004.00000020.00020000.00000000.sdmp, vc_redist.x64.130.exe, 0000000E.00000003.2569148419.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, 64f25b.msi.22.dr Binary or memory string: SELECT `WixDependency`.`WixDependency`, `WixDependencyProvider`.`Component_`, `WixDependency`.`ProviderKey`, `WixDependency`.`MinVersion`, `WixDependency`.`MaxVersion`, `WixDependency`.`Attributes` FROM `WixDependencyProvider`, `WixDependency`, `WixDependencyRef` WHERE `WixDependency`.`WixDependency` = `WixDependencyRef`.`WixDependency_` AND `WixDependencyProvider`.`WixDependencyProvider` = `WixDependencyRef`.`WixDependencyProvider_`SELECT `WixDependencyProvider`.`WixDependencyProvider`, `WixDependencyProvider`.`Component_`, `WixDependencyProvider`.`ProviderKey`, `WixDependencyProvider`.`Attributes` FROM `WixDependencyProvider`Failed to ignored dependency "%ls" to the string dictionary.;Failed to create the string dictionary.Failed to get the string value of the IGNOREDEPENDENCIES property.IGNOREDEPENDENCIESUnknownFailed to set the dependency name "%ls" into the message record.Failed to set the dependency key "%ls" into the message record.The dependency "%ls" is missing or is not the required version.Found dependent "%ls", name: "%ls".Failed to set the number of dependencies into the message record.Failed to set the message identifier into the message record.Not enough memory to create the message record.wixdepca.cppUnexpected message response %d from user or bootstrapper application.Failed to create the dependency record for message %d.Failed to enumerate all of the rows in the dependency query view.Failed to get WixDependency.Attributes.Failed to get WixDependency.MaxVersion.Failed to get WixDependency.MinVersion.Failed to get WixDependency.ProviderKey.Failed to get WixDependencyProvider.Component_.Failed to get WixDependency.WixDependency.Failed dependency check for %ls.Skipping dependency check for %ls because the component %ls is not being (re)installed.Failed to open the query view for dependencies.Failed to initialize the unique dependency string list.Failed to check if the WixDependency table exists.Skipping the dependency check since no dependencies are authored.WixDependencyFailed to enumerate all of the rows in the dependency provider query view.Failed to get WixDependencyProvider.Attributes.Failed to get WixDependencyProvider.ProviderKey.Failed to get WixDependencyProvider.Component.Failed to get WixDependencyProvider.WixDependencyProvider.Failed dependents check for %ls.Skipping dependents check for %ls because the component %ls is not being uninstalled.Failed to open the query view for dependency providers.Failed to check if the WixDependencyProvider table exists.Skipping the dependents check since no dependency providers are authored.WixDependencyProviderSkipping the dependencies check since IGNOREDEPENDENCIES contains "ALL".Failed to check if "ALL" was set in IGNOREDEPENDENCIES.ALLFailed to get the ignored dependents.Failed to ensure required dependencies for (re)installing components.ALLUSERSFailed to initialize the registry functions.Failed to initialize.WixDependencyRequireFailed to ensure absent dependents for uninstalling com
Source: starwindconverter.exe String found in binary or memory: need to be updated. /RESTARTAPPLICATIONS Instructs Setup to restart applications. /NORESTARTAPPLICATIONS Prevents Setup from restarting applications. /LOADINF="filename" Instructs Setup to load the settings from the specified file after having checked t
Source: vc_redist.x64.130.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: vcredist_x64.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: vc_redist.x64.140.exe String found in binary or memory: Failed to re-launch bundle process after RunOnce: %ls
Source: starwindconverter.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\starwindconverter.exe File read: C:\Users\user\Desktop\starwindconverter.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\starwindconverter.exe "C:\Users\user\Desktop\starwindconverter.exe"
Source: C:\Users\user\Desktop\starwindconverter.exe Process created: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp "C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp" /SL5="$10446,40015629,338944,C:\Users\user\Desktop\starwindconverter.exe"
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vstor2install.bat""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic OS get OSArchitecture
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr 64
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc query vstor2-mntapi20-shared
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc create vstor2-mntapi20-shared type= kernel start= auto error= normal binpath= System32\drivers\vstor2-mntapi20-shared.sys DisplayName= "Vstor2 MntApi 2.0 Driver (shared)" group= System
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc start vstor2-mntapi20-shared
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe "C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe" /quiet
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Process created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe "C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe" /quiet -burn.unelevated BurnPipe.{D7692551-F3D1-4F96-B98C-6EA8EBCE2C29} {99F278BD-B402-4D45-B367-3A71E4C78909} 4116
Source: unknown Process created: C:\Windows\System32\VSSVC.exe C:\Windows\system32\vssvc.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k swprv
Source: unknown Process created: C:\Windows\System32\SrTasks.exe C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:1
Source: C:\Windows\System32\SrTasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1904,i,7260468871230898073,3398952734327397412,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe "C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe" /burn.runonce
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Process created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe "C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe"
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe "C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe" /quiet
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Process created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe "C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe" /quiet -burn.unelevated BurnPipe.{621695C5-B52A-43D6-BAAE-CEAD8A9F5342} {3E01C30D-E9A5-4BF9-AFE0-A4D60C443091} 3452
Source: C:\Users\user\Desktop\starwindconverter.exe Process created: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp "C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp" /SL5="$10446,40015629,338944,C:\Users\user\Desktop\starwindconverter.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /C ""C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vstor2install.bat"" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe "C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe" /quiet Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe "C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe" /quiet Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic OS get OSArchitecture Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr 64 Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc query vstor2-mntapi20-shared Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc create vstor2-mntapi20-shared type= kernel start= auto error= normal binpath= System32\drivers\vstor2-mntapi20-shared.sys DisplayName= "Vstor2 MntApi 2.0 Driver (shared)" group= System Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc start vstor2-mntapi20-shared Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Process created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe "C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe" /quiet -burn.unelevated BurnPipe.{D7692551-F3D1-4F96-B98C-6EA8EBCE2C29} {99F278BD-B402-4D45-B367-3A71E4C78909} 4116 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1904,i,7260468871230898073,3398952734327397412,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Process created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe "C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe"
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Process created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe "C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe" /quiet -burn.unelevated BurnPipe.{621695C5-B52A-43D6-BAAE-CEAD8A9F5342} {3E01C30D-E9A5-4BF9-AFE0-A4D60C443091} 3452
Source: C:\Users\user\Desktop\starwindconverter.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\starwindconverter.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: licensemanagersvc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: licensemanager.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: clipc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll Jump to behavior
Source: C:\Windows\System32\cmd.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: msi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: spp.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: usoapi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: sxproxy.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: msi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: feclient.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: authz.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: virtdisk.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: bcd.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: fltlib.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: es.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: vss_ps.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: samlib.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: catsrvut.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: mfcsubs.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: msxml3.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: clusapi.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: swprv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe Section loaded: virtdisk.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: amsi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vss_ps.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fveapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fveapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fveapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fveapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: spp.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: srclient.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: srcore.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: ktmw32.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: wer.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: bcd.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: msxml3.dll
Source: C:\Windows\System32\SrTasks.exe Section loaded: vss_ps.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mpr.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: apphelp.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: wininet.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: msasn1.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: cabinet.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: msi.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: wininet.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: version.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: msasn1.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: kernel.appcore.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: msxml3.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: windows.storage.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: wldp.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: profapi.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: feclient.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: iertutil.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: uxtheme.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: textinputframework.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: coreuicomponents.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: coremessaging.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: ntmarta.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: wintypes.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: windowscodecs.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: explorerframe.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: riched20.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: usp10.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: msls31.dll
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Section loaded: textshaping.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: cabinet.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: msi.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wininet.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: version.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: msasn1.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: msxml3.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: windows.storage.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wldp.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: profapi.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: apphelp.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: uxtheme.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: textinputframework.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: coremessaging.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: ntmarta.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: coremessaging.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wintypes.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wintypes.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wintypes.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: srclient.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: spp.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: powrprof.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: vssapi.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: vsstrace.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: umpdc.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: cabinet.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: msi.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wininet.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: version.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: msasn1.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: msxml3.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: windows.storage.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wldp.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: profapi.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: feclient.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: iertutil.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: uxtheme.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: textinputframework.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: coremessaging.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: ntmarta.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: coremessaging.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wintypes.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wintypes.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: wintypes.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: windowscodecs.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: explorerframe.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: riched20.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: usp10.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: msls31.dll
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: StarWind V2V Converter.lnk.1.dr LNK file: ..\..\..\..\..\..\..\Program Files\StarWind Software\StarWind V2V Converter\V2V_Converter.exe
Source: Uninstall.lnk.1.dr LNK file: ..\..\..\..\..\..\..\Program Files\StarWind Software\StarWind V2V Converter\unins000.exe
Source: StarWind V2V Converter.lnk0.1.dr LNK file: ..\..\..\Program Files\StarWind Software\StarWind V2V Converter\V2V_Converter.exe
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Window found: window name: TMainForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Automated click: I accept the agreement
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Licensee is subject to the terms and conditions of this Agreement whether Licensee accesses or obtains Free Software directly from https://www.starwindsoftware.com/ or through any other source. By Using installing and/or Operating Free Software Licensee agrees to be bound by the terms of this Agreement. LICENSEE WILL HAVE THE OPPORTUNITY TO ACCEPT THIS OFFER OF AGREEMENT THROUGH A CLICK-THROUGH PROCEDURE. IF LICENSEE DOES NOT WISH TO ACCEPT THE TERMS OF THIS AGREEMENT AND/OR TO DECLINE THIS AGREEMENT LICENSEE SHALL NOT USE INSTALL OR OPERATE THE FREE SOFTWARE. IF LICENSEE CHOOSES TO ACCEPT THE TERMS OF THIS AGREEMENT LICENSEE MAY DO SO BY CHECKING I AGREE USING THE DESIGNATED CHECK BOX LICENSEES CLICK OF THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON IS A SYMBOL OF LICENSEES SIGNATURE AND BY CLICKING ON THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON LICENSEE CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT AND AGREES THAT THIS AGREEMENT IS ENFORCEABLE AGAINST LICENSEE PURSUANT TO ITS TERMS TO THE SAME EXTENT AS ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY LICENSEE. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT THEN LICENSEE SHOULD NOT OPERATE THE FREE SOFTWARE AND LICENSEE WILL NOT BE ALLOWED TO USE INSTALL OR OPERATE THE FREE SOFTWARE. FOR AVOIDANCE OF DOUBT AND NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN STARWIND RESERVES THE RIGHT TO REFUSE ACCEPTING THIS AGREEMENT AND NOT TO PROVIDE LICENSEE WITH THE RIGHT TO USE INSTALL OR OPERATE THE FREE SOFTWARE AS CONTEMPLATED HEREUNDER FOR ANY REASON OR NO REASON.Definitions. Each of the expressions indicated below will have in this Agreement the meaning assigned to it namely:Affiliate shall mean with respect to a given Person any person or entity which directly or indirectly controls is controlled by or is under common control with the given Person; control (including with its correlative meanings controlled by and under common control with) means possession directly or indirectly of the power to direct or cause the direction of management or policies (whether through ownership of securities or partnership or other ownership interests by contract or otherwise).Confidential Information shall mean any information Free Software document or other material of any nature relating to or concerning StarWind or Licensee and/or their Affiliates that is provided or made available to receiving Party either before or after the Effective Date directly or indirectly in any form whatsoever including in writing orally and machine readable and including but not be limited to any correspondence memoranda notes e-mails formulas samples equipment compilations blueprints business information technical information know-how information regarding patents patent applicati
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Licensee is subject to the terms and conditions of this Agreement whether Licensee accesses or obtains Free Software directly from https://www.starwindsoftware.com/ or through any other source. By Using installing and/or Operating Free Software Licensee agrees to be bound by the terms of this Agreement. LICENSEE WILL HAVE THE OPPORTUNITY TO ACCEPT THIS OFFER OF AGREEMENT THROUGH A CLICK-THROUGH PROCEDURE. IF LICENSEE DOES NOT WISH TO ACCEPT THE TERMS OF THIS AGREEMENT AND/OR TO DECLINE THIS AGREEMENT LICENSEE SHALL NOT USE INSTALL OR OPERATE THE FREE SOFTWARE. IF LICENSEE CHOOSES TO ACCEPT THE TERMS OF THIS AGREEMENT LICENSEE MAY DO SO BY CHECKING I AGREE USING THE DESIGNATED CHECK BOX LICENSEES CLICK OF THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON IS A SYMBOL OF LICENSEES SIGNATURE AND BY CLICKING ON THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON LICENSEE CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT AND AGREES THAT THIS AGREEMENT IS ENFORCEABLE AGAINST LICENSEE PURSUANT TO ITS TERMS TO THE SAME EXTENT AS ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY LICENSEE. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT THEN LICENSEE SHOULD NOT OPERATE THE FREE SOFTWARE AND LICENSEE WILL NOT BE ALLOWED TO USE INSTALL OR OPERATE THE FREE SOFTWARE. FOR AVOIDANCE OF DOUBT AND NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN STARWIND RESERVES THE RIGHT TO REFUSE ACCEPTING THIS AGREEMENT AND NOT TO PROVIDE LICENSEE WITH THE RIGHT TO USE INSTALL OR OPERATE THE FREE SOFTWARE AS CONTEMPLATED HEREUNDER FOR ANY REASON OR NO REASON.Definitions. Each of the expressions indicated below will have in this Agreement the meaning assigned to it namely:Affiliate shall mean with respect to a given Person any person or entity which directly or indirectly controls is controlled by or is under common control with the given Person; control (including with its correlative meanings controlled by and under common control with) means possession directly or indirectly of the power to direct or cause the direction of management or policies (whether through ownership of securities or partnership or other ownership interests by contract or otherwise).Confidential Information shall mean any information Free Software document or other material of any nature relating to or concerning StarWind or Licensee and/or their Affiliates that is provided or made available to receiving Party either before or after the Effective Date directly or indirectly in any form whatsoever including in writing orally and machine readable and including but not be limited to any correspondence memoranda notes e-mails formulas samples equipment compilations blueprints business information technical information know-how information regarding patents patent applicati
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Licensee is subject to the terms and conditions of this Agreement whether Licensee accesses or obtains Free Software directly from https://www.starwindsoftware.com/ or through any other source. By Using installing and/or Operating Free Software Licensee agrees to be bound by the terms of this Agreement. LICENSEE WILL HAVE THE OPPORTUNITY TO ACCEPT THIS OFFER OF AGREEMENT THROUGH A CLICK-THROUGH PROCEDURE. IF LICENSEE DOES NOT WISH TO ACCEPT THE TERMS OF THIS AGREEMENT AND/OR TO DECLINE THIS AGREEMENT LICENSEE SHALL NOT USE INSTALL OR OPERATE THE FREE SOFTWARE. IF LICENSEE CHOOSES TO ACCEPT THE TERMS OF THIS AGREEMENT LICENSEE MAY DO SO BY CHECKING I AGREE USING THE DESIGNATED CHECK BOX LICENSEES CLICK OF THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON IS A SYMBOL OF LICENSEES SIGNATURE AND BY CLICKING ON THE I AGREE TO TERMS OF THIS AGREEMENT BUTTON LICENSEE CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT AND AGREES THAT THIS AGREEMENT IS ENFORCEABLE AGAINST LICENSEE PURSUANT TO ITS TERMS TO THE SAME EXTENT AS ANY WRITTEN NEGOTIATED AGREEMENT SIGNED BY LICENSEE. IF LICENSEE DOES NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT THEN LICENSEE SHOULD NOT OPERATE THE FREE SOFTWARE AND LICENSEE WILL NOT BE ALLOWED TO USE INSTALL OR OPERATE THE FREE SOFTWARE. FOR AVOIDANCE OF DOUBT AND NOTWITHSTANDING ANYTHING TO THE CONTRARY HEREIN STARWIND RESERVES THE RIGHT TO REFUSE ACCEPTING THIS AGREEMENT AND NOT TO PROVIDE LICENSEE WITH THE RIGHT TO USE INSTALL OR OPERATE THE FREE SOFTWARE AS CONTEMPLATED HEREUNDER FOR ANY REASON OR NO REASON.Definitions. Each of the expressions indicated below will have in this Agreement the meaning assigned to it namely:Affiliate shall mean with respect to a given Person any person or entity which directly or indirectly controls is controlled by or is under common control with the given Person; control (including with its correlative meanings controlled by and under common control with) means possession directly or indirectly of the power to direct or cause the direction of management or policies (whether through ownership of securities or partnership or other ownership interests by contract or otherwise).Confidential Information shall mean any information Free Software document or other material of any nature relating to or concerning StarWind or Licensee and/or their Affiliates that is provided or made available to receiving Party either before or after the Effective Date directly or indirectly in any form whatsoever including in writing orally and machine readable and including but not be limited to any correspondence memoranda notes e-mails formulas samples equipment compilations blueprints business information technical information know-how information regarding patents patent applicati
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Window detected: Number of UI elements: 19
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Window detected: Number of UI elements: 19
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-OCNA5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-DOD6O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-LA1DS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-DMGAR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-RRJPS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-2T9SC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-NDNT1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-C445H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-PM8AC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-0U75Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-NJRVA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-JTGFU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-9PTPC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-239NR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-UHSSF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-3DPGP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QT18L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QMAR7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-VPH09.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QH72R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QVHTU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-HKUCL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QJJQG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-SRQKS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-OCF30.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-JNOSU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-043UQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-ED59I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-6S65I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-QULGP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-U7152.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-80TNO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-S80ND.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-BHS0U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-MMA8U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-9CMA4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-VUIE8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-G86Q6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-I8RA6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-LQIVE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-H973S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-728T9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-6QBCJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-HGVAF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-FIGM0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-OAJUU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-GCANT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-SN4HU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-NTL6D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-PAU7U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-4G0NR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-I6VGK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-JUSQQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-468L0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-F99S5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-MRML8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-T4VT0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-M84MS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-HQLOK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-FDG2J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\is-03KQM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\is-EOQIC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Directory created: C:\Program Files\StarWind Software\StarWind V2V Converter\unins000.msg Jump to behavior
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Source: starwindconverter.exe Static PE information: certificate valid
Source: starwindconverter.exe Static file information: File size 40311016 > 1048576
Source: starwindconverter.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: d:\build\ob\bora-4938387\bora\build\release\p2v\modules\vstor2\amd64\vstor2.pdb source: vstor2-mntapi20-shared.sys.6.dr
Source: Binary string: D:\build\ob\bora-13861102\bora\build\scons\build\LIBRARIES\vmacore\win64\release\vmacore.pdb source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdbH source: vcredist_x64.exe, 0000001B.00000002.3025002722.000000006C6D5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\build\ob\bora-6437881\cayman_pcre\build\release\win64_vc120\pcre\build\Release\pcre.pdb source: is-728T9.tmp.1.dr
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixDepCA.pdb source: vc_redist.x64.130.exe, 0000000E.00000003.2567281053.0000000000A70000.00000004.00000020.00020000.00000000.sdmp, vc_redist.x64.130.exe, 0000000E.00000003.2569148419.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, 64f25b.msi.22.dr
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb source: vc_redist.x64.130.exe, 0000000E.00000003.2566575331.0000000000A57000.00000004.00000020.00020000.00000000.sdmp, vc_redist.x64.130.exe, 0000000E.00000002.2659285084.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000E.00000000.2310506729.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000F.00000002.2695158245.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000F.00000000.2312377149.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vcredist_x64.exe, 0000001A.00000002.2706467527.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001A.00000000.2695000937.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001B.00000002.3017994106.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001B.00000000.2699885293.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vc_redist.x64.140.exe, 0000001C.00000000.2700767939.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001C.00000002.2739200058.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001D.00000000.2705924171.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001D.00000002.2741446991.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, is-03KQM.tmp.1.dr
Source: Binary string: D:\build\ob\bora-6437881\cayman_pcre\build\release\win64_vc120\pcre\build\Release\pcre.pdb"" source: is-728T9.tmp.1.dr
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@E source: vc_redist.x64.130.exe, 0000000E.00000003.2566575331.0000000000A57000.00000004.00000020.00020000.00000000.sdmp, is-03KQM.tmp.1.dr
Source: Binary string: d:\build\ob\bora-13861102\bora\build\release-x64\apps\vmware-vdiskmanager\vmware-vdiskmanager.pdb source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\build\ob\bora-13861102\bora\build\scons\build\LIBRARIES\vmomi\win64\release\vmomi.pdb source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d:\build\ob\bora-13861102\bora\build\release-x64\apps\vmware-vdiskmanager\vmware-vdiskmanager.pdb source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\WixStdBA.pdb source: vcredist_x64.exe, 0000001B.00000002.3025002722.000000006C6D5000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\build\ob\bora-12677144\cayman_openssl\build\release\win64_vc90sp1\openssl\build\out32dll\libeay32.pdb source: is-VUIE8.tmp.1.dr
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb@ source: vc_redist.x64.130.exe, 0000000E.00000002.2659285084.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000E.00000000.2310506729.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000F.00000002.2695158245.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vc_redist.x64.130.exe, 0000000F.00000000.2312377149.00000000007FA000.00000002.00000001.01000000.00000009.sdmp, vcredist_x64.exe, 0000001A.00000002.2706467527.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001A.00000000.2695000937.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001B.00000002.3017994106.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp, vcredist_x64.exe, 0000001B.00000000.2699885293.0000000000AAA000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: E:\delivery\Dev\wix37\build\ship\x86\burn.pdb` source: vc_redist.x64.140.exe, 0000001C.00000000.2700767939.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001C.00000002.2739200058.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001D.00000000.2705924171.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp, vc_redist.x64.140.exe, 0000001D.00000002.2741446991.0000000000DEB000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Projects\aws\sdk_build\bin\Release\aws-cpp-sdk-s3.pdb source: is-9PTPC.tmp.1.dr
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_00450994
PE file contains sections with non-standard names
Source: is-VUIE8.tmp.1.dr Static PE information: section name: fipstx
Source: is-VUIE8.tmp.1.dr Static PE information: section name: fipsro
Source: is-VUIE8.tmp.1.dr Static PE information: section name: fipsda
Source: is-VUIE8.tmp.1.dr Static PE information: section name: fipsrd
Source: is-NTL6D.tmp.1.dr Static PE information: section name: fipstx
Source: is-NTL6D.tmp.1.dr Static PE information: section name: fipsda
Source: is-NTL6D.tmp.1.dr Static PE information: section name: fipsrd
Source: is-NTL6D.tmp.1.dr Static PE information: section name: fipsro
Source: is-03KQM.tmp.1.dr Static PE information: section name: .wixburn
Source: is-EOQIC.tmp.1.dr Static PE information: section name: .wixburn
Source: vcredist_x64.exe.14.dr Static PE information: section name: .wixburn
Source: vcredist_x64.exe.15.dr Static PE information: section name: .wixburn
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_00406A18 push 00406A55h; ret 0_2_00406A4D
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_004040B5 push eax; ret 0_2_004040F1
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_00404185 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_00404206 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_004042E8 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_00404283 push 00404391h; ret 0_2_00404389
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_004093B4 push 004093E7h; ret 0_2_004093DF
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_00408580 push ecx; mov dword ptr [esp], eax 0_2_00408585
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00409D9C push 00409DD9h; ret 1_2_00409DD1
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0041A078 push ecx; mov dword ptr [esp], ecx 1_2_0041A07D
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00452100 push ecx; mov dword ptr [esp], eax 1_2_00452105
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0040A273 push ds; ret 1_2_0040A29D
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004062C4 push ecx; mov dword ptr [esp], eax 1_2_004062C5
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0040A29F push ds; ret 1_2_0040A2A0
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00460518 push ecx; mov dword ptr [esp], ecx 1_2_0046051C
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00496594 push ecx; mov dword ptr [esp], ecx 1_2_00496599
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004587B4 push 004587ECh; ret 1_2_004587E4
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00410930 push ecx; mov dword ptr [esp], edx 1_2_00410935
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00486A94 push ecx; mov dword ptr [esp], ecx 1_2_00486A99
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00478D50 push ecx; mov dword ptr [esp], edx 1_2_00478D51
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00412D78 push 00412DDBh; ret 1_2_00412DD3
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0040D288 push ecx; mov dword ptr [esp], edx 1_2_0040D28A
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0040546D push eax; ret 1_2_004054A9
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0040553D push 00405749h; ret 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004055BE push 00405749h; ret 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0040563B push 00405749h; ret 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004056A0 push 00405749h; ret 1_2_00405741
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0040F7E8 push ecx; mov dword ptr [esp], edx 1_2_0040F7EA
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004438E0 push ecx; mov dword ptr [esp], ecx 1_2_004438E4
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00459ACC push 00459B10h; ret 1_2_00459B08
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0049BD44 pushad ; retf 1_2_0049BD53
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QMAR7.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120deu.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\is-03KQM.tmp Jump to dropped file
Source: C:\Windows\System32\cmd.exe File created: C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-UHSSF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmomi.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-239NR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-NJRVA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\glib-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-M84MS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\iconv.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\vstor2-mntapi20-shared.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\vstor2-x64.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libldap_r.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-T4VT0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libldap.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-G86Q6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-s3.dll (copy) Jump to dropped file
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File created: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\wixstdba.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-OCF30.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-VPH09.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\unins000.exe (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120cht.dll Jump to dropped file
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-FIGM0.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120esn.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-iam.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixDiskLibVim.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-SN4HU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-80TNO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-mqtt.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\gobject-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-U7152.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-4G0NR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\ssleay32MD.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120rus.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-PAU7U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-s3.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-6QBCJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-H973S.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-SRQKS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-JNOSU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-DMGAR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vim-types.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\ssleay32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-OAJUU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Users\user\AppData\Local\Temp\is-UGUD3.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-auth.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QT18L.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-GCANT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-I8RA6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-9CMA4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-BHS0U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixDiskLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixMntapi.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-io.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-HKUCL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-cal.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120enu.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\is-EOQIC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\testing-resources.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-compression.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\libeay32MD.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-ec2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\zlib1.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120ita.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\pcre.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QJJQG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-LA1DS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vddkReporter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\gsoap.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-3DPGP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-crt-cpp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-NTL6D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcamp120.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\expat.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-common.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-sdkutils.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-JTGFU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\V2V_ConverterConsole.exe (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120chs.dll Jump to dropped file
Source: C:\Users\user\Desktop\starwindconverter.exe File created: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-DOD6O.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\wastorage.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\vcruntime140_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libxml2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-event-stream.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmacore.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-043UQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-2T9SC.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120fra.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\ssoclient.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-MRML8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\diskLibPlugin.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QVHTU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-http.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\vstor2-x86.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-9PTPC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-VUIE8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-NDNT1.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcomp120.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-I6VGK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\intl.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\cpprest140_2_9.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-checksums.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-OCNA5.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120kor.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-0U75Q.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libcurl.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-6S65I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-core.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libeay32.dll (copy) Jump to dropped file
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File created: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.be\vcredist_x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QH72R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-ED59I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-F99S5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-LQIVE.tmp Jump to dropped file
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-RRJPS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-C445H.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-HGVAF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\V2V_Converter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\gthread-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-QULGP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-MMA8U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-728T9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\gvmomi.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120jpn.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\is-PM8AC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-S80ND.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\liblber.dll (copy) Jump to dropped file
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File created: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120deu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120ita.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcomp120.dll Jump to dropped file
Source: C:\Windows\System32\cmd.exe File created: C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120kor.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120fra.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120rus.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\vcamp120.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120cht.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120enu.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120jpn.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120chs.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\System32\mfc120esn.dll Jump to dropped file
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File created: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\license.rtf Jump to behavior
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe File created: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\license.rtf
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe File created: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1028\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1029\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1031\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1036\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1040\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1041\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1042\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1045\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1046\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1049\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\1055\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\2052\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\3082\license.rtf
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe File created: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\license.rtf
Creates or modifies windows services
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore Jump to behavior
Modifies existing windows services
Source: C:\Windows\System32\SrTasks.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarWind Software Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarWind Software\StarWind V2V Converter Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarWind Software\StarWind V2V Converter\StarWind V2V Converter.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarWind Software\StarWind V2V Converter\Uninstall.lnk Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {050d4fc8-5d48-4b8f-8972-47c82c46020f} Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {050d4fc8-5d48-4b8f-8972-47c82c46020f} Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {050d4fc8-5d48-4b8f-8972-47c82c46020f} Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce {050d4fc8-5d48-4b8f-8972-47c82c46020f} Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc query vstor2-mntapi20-shared
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0042405C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 1_2_0042405C
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00422CAC SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 1_2_00422CAC
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0041811E IsIconic,SetWindowPos, 1_2_0041811E
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00418120 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 1_2_00418120
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004245E4 IsIconic,SetActiveWindow, 1_2_004245E4
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0042462C IsIconic,SetActiveWindow,SetFocus, 1_2_0042462C
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004187D4 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 1_2_004187D4
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00484D28 IsIconic,GetWindowLongA,ShowWindow,ShowWindow, 1_2_00484D28
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0042F71C IsIconic,GetWindowLongA,GetWindowLongA,GetActiveWindow,MessageBoxA,SetActiveWindow,GetActiveWindow,MessageBoxA,SetActiveWindow, 1_2_0042F71C
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004179E8 IsIconic,GetCapture, 1_2_004179E8
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0041F568 GetVersion,SetErrorMode,LoadLibraryA,SetErrorMode,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary, 1_2_0041F568
Source: C:\Users\user\Desktop\starwindconverter.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\VSSVC.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Contains capabilities to detect virtual machines
Source: C:\Windows\System32\svchost.exe File opened / queried: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp File opened / queried: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exe Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QMAR7.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120deu.dll Jump to dropped file
Source: C:\Windows\System32\cmd.exe Dropped PE file which has not been started: C:\Windows\System32\drivers\vstor2-mntapi20-shared.sys Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-UHSSF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-239NR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-NJRVA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\glib-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-M84MS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\iconv.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\vstor2-mntapi20-shared.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\vstor2-x64.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libldap_r.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libldap.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-T4VT0.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-G86Q6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-s3.dll (copy) Jump to dropped file
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\wixstdba.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-OCF30.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-VPH09.tmp Jump to dropped file
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\wixstdba.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120cht.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-FIGM0.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120esn.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-iam.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixDiskLibVim.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-SN4HU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-80TNO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-mqtt.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\gobject-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-U7152.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-4G0NR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\ssleay32MD.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120rus.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-PAU7U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-s3.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-6QBCJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-H973S.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-SRQKS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-JNOSU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-DMGAR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\ssleay32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-OAJUU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-UGUD3.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-auth.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-GCANT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QT18L.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-I8RA6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-9CMA4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixDiskLib.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-BHS0U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixMntapi.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-io.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-HKUCL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-cal.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120enu.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-compression.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\libeay32MD.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-ec2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\zlib1.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120ita.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\pcre.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QJJQG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-LA1DS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vddkReporter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\gsoap.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-3DPGP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-crt-cpp.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-NTL6D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\vcamp120.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\expat.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-sdkutils.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-common.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-JTGFU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\V2V_ConverterConsole.exe (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120chs.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-DOD6O.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\wastorage.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libxml2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-event-stream.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmacore.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-043UQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-2T9SC.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120fra.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\ssoclient.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\is-MRML8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\diskLibPlugin.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\AMD64\vstor2-x86.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QVHTU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-http.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-VUIE8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-9PTPC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-NDNT1.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\vcomp120.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\intl.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-I6VGK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-checksums.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\cpprest140_2_9.dll (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120kor.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-0U75Q.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libcurl.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-6S65I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-core.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\libeay32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-QH72R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-ED59I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-F99S5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-LQIVE.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-RRJPS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-C445H.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-HGVAF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\V2V_Converter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\gthread-2.0.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-QULGP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-728T9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-MMA8U.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\System32\mfc120jpn.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\is-PM8AC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\is-S80ND.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Dropped PE file which has not been started: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\liblber.dll (copy) Jump to dropped file
Found evaded block containing many API calls
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Evaded block: after key decision
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Evaded block: after key decision
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Evaded block: after key decision
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Evaded block: after key decision
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Evaded block: after key decision
Found evasive API chain (date check)
Source: C:\Users\user\Desktop\starwindconverter.exe Evasive API call chain: GetSystemTime,DecisionNodes
Found evasive API chain (may stop execution after checking a module file name)
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Found evasive API chain checking for process token information
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\System32\SrTasks.exe TID: 3384 Thread sleep time: -280000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 6396 Thread sleep time: -30000s >= -30000s
Queries disk information (often used to detect virtual machines)
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Uses the system / local time for branch decision (may execute only at specific dates)
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007EF195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 007EF236h 14_2_007EF195
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007EF195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 007EF22Fh 14_2_007EF195
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A9F195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00A9F236h 26_2_00A9F195
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A9F195 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00A9F22Fh 26_2_00A9F195
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DDF805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 05h and CTI: je 00DDF8A6h 28_2_00DDF805
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DDF805 GetLocalTime followed by cmp: cmp dword ptr [ebp+08h], 01h and CTI: je 00DDF89Fh 28_2_00DDF805
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File Volume queried: C:\Windows FullSizeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00476120 FindFirstFileA,FindNextFileA,FindClose, 1_2_00476120
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004531A4 FindFirstFileA,GetLastError, 1_2_004531A4
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_004648D0 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_004648D0
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00464D4C SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode, 1_2_00464D4C
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00463344 FindFirstFileA,FindNextFileA,FindClose, 1_2_00463344
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0049998C FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose, 1_2_0049998C
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007D8BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 14_2_007D8BE8
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007F66A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 14_2_007F66A3
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007F5710 _memset,FindFirstFileW,FindClose, 14_2_007F5710
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00AA66A3 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 26_2_00AA66A3
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A88BE8 _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 26_2_00A88BE8
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00AA5710 _memset,FindFirstFileW,FindClose, 26_2_00AA5710
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 27_2_6C6CA685 _memset,FindFirstFileW,FindClose, 27_2_6C6CA685
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DE6D15 _memset,_memset,GetFileAttributesW,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,GetLastError,GetLastError,GetLastError,FindClose, 28_2_00DE6D15
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DE5D81 _memset,FindFirstFileW,FindClose, 28_2_00DE5D81
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DC8E6E _memset,FindFirstFileW,lstrlenW,FindNextFileW,FindClose, 28_2_00DC8E6E
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_0040A018 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery, 0_2_0040A018
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\NULL Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\vcRuntimeAdditional_amd64 Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532 Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\NULL Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe File opened: C:\ProgramData\Package Cache\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}v14.36.32532\packages\NULL Jump to behavior
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware-authd version (%s) does not match that of client (%u.%u)220 VMware Authentication Daemon Version %u.%uVersion NFCSSL supportedNFCSSL supported/tVMXARGS supported%s: BANNER check skipped.
Source: starwindconverter.tmp, 00000001.00000003.2809523994.0000000002314000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exe
Source: is-728T9.tmp.1.dr Binary or memory string: http://www.vmware.com/0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_set_connect_state
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_CRYPTO_set_locking_callback
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_default_verify_paths
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_bf_cbc
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_sk_new_null
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware vSphere API Browser
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_EncryptFinal
Source: starwindconverter.tmp, 00000001.00000003.2809369381.00000000005F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_WRAPPER_WORKSTATION_NOT_INSTALLED)Service type VIX_SERVICEPROVIDER_VMWARE_WORKSTATION was specified but not installed
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_MD_CTX_init
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SHA1_Final
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_get_error
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_f_ssl
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get1_session
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_finish
Source: starwindconverter.tmp, 00000001.00000003.2104952718.0000000002304000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exe`
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ex 5: vmware-vdiskmanager.exe -n sourceName.vmdk destinationName.vmdk
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_NAME_hash
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware.log
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SOFTWARE\Wow6432Node\VMware, Inc.\VMware Workstation\AccountInfoA_SAIFVM: Failed to convert filename
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_set_version
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_get_digestbyname
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.managedObjectInPath
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_UI_OpenSSL
Source: svchost.exe, 00000012.00000003.2547985746.0000021EAE065000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_PKEY_type
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_get_serialNumber
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_gmtime_adj
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_CRYPTO_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.notAnObject
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="amd64" name="VMware.VMware.diskUtil" type="win32"></assemblyIdentity><description>"VMware Virtual Disk Manager"</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.30729.4148" processorArchitecture="amd64" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RAND_seed
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_read_bio_PrivateKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_cert_store
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SHA1_Update
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_ERROR)The VMware Tools installation failed with an unknown error
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VVOL_MSCS_SUPPORTVUMForVSAN_UIVUMForVSAN_BEVsanEncryptVSAN_UNMAPVSAN_VITVSAN_StorageEfficiencyVSAN_IPv6VSAN_IopsLimitVSAN_ErasureCodingVSAN_EncryptionVSAN_CoreDumpVSAN_ChecksumVRDMAVpxdUserVpxdOwnsPermissionsVmknicGatewayvNVMeControllerVMXSandboxvmw_ahcivmkusbvmkataVMFS6VMForkVMcryptVMConsoleUserVMAFD_ESXVCHA_EmbeddedVCHAVC_SecureHeartbeatVC_VAPI_ShimVC_Events_SyslogVC_Events_RetentionVC_Events_LevelFilterVC_Events_DBHealthVC_Events_BurstFilterVCDB_UIVASA3VADPUPITHostCapabilityUSBArbitrator_EnableAutoStartUI_TELEMETRY_ENHTLSv12DefaultSRIOV_NFVSoftNUMASIOCv2RoleEventsAuditingQualityROCEV2RISE_vSphereRISERemoveWFMPowerOnRDMACMqflgeqfle3qedentvProactiveHaProactiveDrsPrepareVmsForSanOnlyPMemOneKVolumesOneGbPagenvmxnet3ntg3NSX_VSWITCH_DRSNOVAnominal_qfle3nominal_qflgenominal_ntg3nominal_ixgbennmlx5_rdmanmlx5_coreNicMgmtnhpsa_nominalnhpsaNFS_AESNFS41_KRB5INFC_DISABLED_IN_VPXANetworkAwareDrsne1000nenicNBD_AIONativeBrowserFileTransferNativeFCOEMirror_ERSPANlsi_msgpt2lsi_mr3_fusionLiveRefreshLicensingMyVmwareSyncixgbeniSCSI_NSXISERIO_FILTERS_UIipmiigbni40enHelper2HWv13HPParallelOperationsHPHostSpecHPExtPluginsHPEngineParallelHPEngineServiceHPCompositeHostProfileHPBulkAnswerFileHBRPerformanceHARestartOrderHaAdmCtrlEnhancementGUEST_SECURE_BOOTgfmsFT_INTEROP_DRSFT_DATASTORE_RANKINGFCDeSwapEditHaUIEnhancementsencryptedVMotionDirectModuleLoadingdcbConfigDaemonManagementSupportCustomAttributesUiCoreStorage_4knDevSupportCL_StreamOptDisksOnDsSupportCL_JsonPersistenceOnDsCL_ISO_ServiceCL_GuestOsCustomizeCBRC2B2BBackupRestoreAUTOMATED_VUM_UPGRADEAsyncNFCApplianceMonitoringAdvancedVCDeploymentMetricsFeatureStateLib: reading feature states from config file: %s
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_write
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.notAnArray
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_MD5_Update
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS12_parse
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS7_verify
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_default_passwd_cb_userdata
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_init
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_client_cert_cb
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BUF_MEM_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_add_crl
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_d2i_DSA_PUBKEY
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_set_default
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS7_get_signer_info
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DH_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_PKEY_assign
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_MNTAPI_CANT_MAKE_VAR_DIR)Cannot create directory '/var/run/vmware/fuse'
Source: vstor2-mntapi20-shared.sys.6.dr Binary or memory string: LegalCopyrightCopyright (C) 1998-2016 VMware, Inc.>
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: d:\build\ob\bora-13861102\bora\build\release-x64\apps\vmware-vdiskmanager\vmware-vdiskmanager.pdb
Source: is-VUIE8.tmp.1.dr Binary or memory string: CERTIFICATECERTIFICATECERTIFICATECERTIFICATETRUSTED CERTIFICATETRUSTED CERTIFICATETRUSTED CERTIFICATETRUSTED CERTIFICATECERTIFICATE PAIRCERTIFICATE PAIRCERTIFICATE PAIRCERTIFICATE PAIR.\crypto\pem\pem_oth.c.\crypto\pem\pem_pk8.c.\crypto\pem\pem_pk8.c.\crypto\pem\pem_pk8.c.\crypto\pem\pem_pk8.c.\crypto\pem\pem_pk8.cENCRYPTED PRIVATE KEYENCRYPTED PRIVATE KEYENCRYPTED PRIVATE KEYENCRYPTED PRIVATE KEYPRIVATE KEYPRIVATE KEYPRIVATE KEYPRIVATE KEYANY PRIVATE KEYPRIVATE KEYENCRYPTED PRIVATE KEY.\crypto\pem\pem_pkey.cPRIVATE KEY.\crypto\pem\pem_pkey.c%s PRIVATE KEYPARAMETERSPARAMETERS.\crypto\pem\pem_pkey.c%s PARAMETERS.\crypto\pem\pem_pkey.c.\crypto\pem\pem_pkey.cDH PARAMETERSX9.42 DH PARAMETERS.\crypto\pem\pem_pkey.c.\crypto\pem\pem_pkey.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.c.\crypto\pem\pvkfmt.cC:\Program Files (x86)\VMware\OpenSSL/privateC:\Program Files (x86)\VMware\OpenSSLC:\Program Files (x86)\VMware\OpenSSL/certsC:\Program Files (x86)\VMware\OpenSSL/cert.pemSSL_CERT_DIRSSL_CERT_FILE.\crypto\x509\x509_r2x.c.\crypto\x509\x509_cmp.c.\crypto\x509\x509_cmp.c.\crypto\x509\x509_cmp.c.\crypto\x509\x509_cmp.cNO X509_NAME.\crypto\x509\x509_obj.c.\crypto\x509\x509_obj.c.\crypto\x509\x509_obj.c.\crypto\x509\x509_req.c.\crypto\x509\x509_req.c.\crypto\x509\x509_req.c.\crypto\x509\x509_req.c.\crypto\x509\x509_req.c.\crypto\x509\x509_req.c.\crypto\x509\x509_req.c
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_IN_PROGRESS)A VMware Tools installation is already in progress
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_sha384
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_use_RSAPrivateKey_file
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_alert_desc_string_long
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_set_tmp_dh_callback
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_get_ex_data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Error writing to vmware-authd socket. error %d
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_ctrl
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_get_error_depth
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_MD_CTX_md
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_shutdown
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_CRL_verify
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_sha256
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_padding_add_PKCS1_OAEP
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSLv23_client_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_HMAC_CTX_cleanup
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_get_error
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_MD_CTX_cleanup
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CIPHER_get_name
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CIPHER_get_version
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_debug_sessiondoPathmethodvmodllogoutlogout/finish"
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ble5Sistema de archivos desconocido. Contactar con VMware
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VixDiskLibInitCommonfilelog.fileNamelog.logMinLevelvixDiskLibLock0.06.5.4VMware Virtual Disk Development KitVixDiskLib: Failed to initialize logging!VixDiskLib: %s: Failed to initialize VixDiskLib. %s at %d.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ex 3: vmware-vdiskmanager.exe -r sourceDisk.vmdk -t 0 destinationDisk.vmdk
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_d2i_PKCS7
Source: starwindconverter.tmp, 00000001.00000002.2812251955.0000000003591000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exeC
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_OBJECT_free_contents
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ?GetVMwareClient@RequestContextMixin@Vmacore@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_print_errors
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_get_current_cert
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_AES_encrypt
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_INTEGER_get
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SSLSystemStoreFromStoreCtxCertificate verification failureThe length of the certificate key is too short.The certificate uses an unsafe digest algorithm.The certificate version is invalid.This certificate's extended key usage extension does not allow it to be used for server authentication.Other certificate trust error.There was an error when trying to check the server's SSL certificate.The host certificate chain is incomplete.A certificate trust list used to create this chain was not time-valid.A certificate trust list used to create this chain did not have a valid signature.A certificate trust list used to create this chain is not valid for this usage.The certificate is explicitly not trusted.The certificate is invalid for its proposed usage.The certificate is based on an untrusted root.The revocation status of the certificate is unknown.The certificate is part of a cycle in its chain of trust.The certificate has no valid signature.The end certificate has no resultant issuance policies, and there is an issuing certification authority certificate that has a policy constraints extension requiring it.The certificate does not support a critical extension.The certificate is not time-valid.The certificate is not properly time-nested.Trust for the certificate has been revoked.The certificate or one of the certificates in the certificate chain has an offline or stale revocation status.The name constraints extension of the certificate or one of the certificates in the certificate chain contains unsupported fields. The minimum and maximum fields are not supported. Minimum must always be zero and maximum must always be absent.The certificate or one of the certificates in the certificate chain has a name constraints extension and there is no name constraint for one of the name choices in the end certificate.The certificate or one of the certificates in the certificate chain has a name constraints extension, and a permitted name constraint is missing for one of the name choices in the end certificate.The certificate or one of the certificates in the certificate chain has a name constraints extension, and there is a name choice in the end certificate that is explicitly excluded.The certificate or one of the certificates in the certificate chain has an invalid name constraints extension.A certificate in the host's chain is explicitly not trusted.One of the certificates has an invalid extension.The certificate or one of the certificates in the certificate chain has a policy constraints extension, and one of the issued certificates has a disallowed policy mapping extension or a missing required issuance policies extension.The certificate or one of the certificates in the certificate chain has a basic constraints extension, and either the certificate cannot be used to issue other certificates, or the chain path length has been exceeded.A cycle in the certificate chain of trust was detected.A certificate in the host's chain does not have a valid signature.A certi
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: To collect data to submit to VMware technical support, run "vm-support".
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_ex_data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_OPENSSL_add_all_algorithms_noconf
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_MD_CTX_destroy
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_get_id
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_add_dir_cert_subjects_to_stack
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ?GetVMwareClient@SessionMixin@Vmacore@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BN_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_REQ_set_pubkey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EC_KEY_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_f_buffer
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: <VMWARE-NULL>
Source: svchost.exe, 00000012.00000003.2548064283.0000021EAE06D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware-CSRF-Token
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_write_bio_PUBKEY
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_version
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_register_all_digests
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: FileFindExistingSafeTmpDir%s\%s-%s-*vmware%s: Failed to create a safe temporary directory, path "%s". The maximum number of attempts was exceeded.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_STRING_length
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_ex_data_X509_STORE_CTX_idx
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CnxConnectAuthdVMWARE_HTTPSPROXY%s: Error message: %s
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BN_num_bits
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.stringKeyTypeMismatch.data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DSA_sign
Source: starwindconverter.tmp, 00000001.00000003.1733720466.0000000003280000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: !{app}\lib\vmware-vdiskmanager.exe
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: %SystemDrive%\%ProgramData%\VMware\vCenterServer\cfgVMWARE_CFG_DIRFeatureStateLib: %s = entry not in dict
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_AES_ecb_encrypt
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_load_private_key
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_get_first
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_i2d_X509
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_TIME_print
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_debug_session
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_cleanup
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_read_bio_RSAPublicKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_set_flags
Source: starwindconverter.tmp, 00000001.00000003.2105015420.0000000003590000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \rogram Files\StarWind Software\StarWind V2V Converter\lib\expat.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\glib-2.0.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\gobject-2.0.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\gthread-2.0.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\gvmomi.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\iconv.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\intl.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libcurl.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libeay32.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\liblber.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libldap.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libldap_r.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libxml2.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\pcre.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\ssleay32.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\ssoclient.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vddkReporter.exeC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vim-types.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixDiskLib.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixDiskLibVim.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vixMntapi.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmacore.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmomi.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exeC:\Program Files\StarWind Software\StarWind V2V Converter\lib\zlib1.dllC:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exeC:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\%s
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_get_ex_data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_get_ex_new_index
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_MD5_Final
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware ReservedVMware HiddenDEVCREAT: num Partition mismatch!
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EC_KEY_new_by_curve_name
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_INIT_FAILED)The VMware Tools installation failed to initialize
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Failed to read vmware-authd port number: %s
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_TLSv1_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_set_flags
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_OBJ_txt2nid
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_NAME_cmp
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RAND_get_rand_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_ctrl
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_version
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_verify_depth
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_TLSv1_1_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_verify
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ProductNameVMware WorkstationN
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_set_purpose
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_LOOKUP_ctrl
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: | VMware
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_write_bio_X509_REQ
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_print_fp
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_tmp_dh_callback
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS7_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_reason_error_string
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_session_id_context
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS7_ctrl
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_get_by_subject
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_get_ex_new_index
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_connect
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Host address lookup for server %s failed: %sInvalid data read while getting status code.Premature end of status line while getting status code.Premature end of status line while getting version number.Response status line did not begin with '%s'.HTTP/Must specify username and passwordConnection terminated by serverBuffer overrun while reading from network connectionMalformed response from serverConnection terminated by server, ret %d err %dWait error %u while attempting readTimeout while attempting readError writing to vmware-authd socket. error %dWait error %u while attempting writeTimeout while attempting writeEnumStrings: Out of memory while enumerating string.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_LOOKUP_hash_dir
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_add_lookup
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_callback_ctrl
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_sign
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_fd
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSLv23_server_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_DecryptUpdate
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_read_PrivateKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_AES_set_encrypt_key
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509V3_EXT_d2i
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_GUEST_NOT_READY)VMware Tools are not running in the guest OS. Automatic upgrade is not possible
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_cmp_current_time
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_CANCELLED)The VMware Tools installation was canceled
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.lenghAlreadySeen
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_TLSv1_client_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS12_PBE_add
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_set_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_read_bio_PKCS7
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_ctrl
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_use_PrivateKey_file
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSLv3_method
Source: is-VUIE8.tmp.1.dr Binary or memory string: C:\Program Files (x86)\VMware\OpenSSL
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ?SetVMwareClient@SessionMixin@Vmacore@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CompanyNameVMware, Inc.`
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Session's UserBinding : %1Session's vmware_client : %1Session's UserAgent : %1User-Agent[ResolveSession] ResolveSession calledsoapSessionIdVMware-CSRF-TokenHTTP/1.1Content-LengthSet-CookieKeep-AlivecloseConnectionLocationContent-TypeTransfer-Encoding"
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_new_file
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_GENERAL_NAME_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_OBJ_nid2sn
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SHA1_Transform
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_DigestInit
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSLv3_client_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: (VMware internal)
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.managedObjectInPathcom.vmware.vim.propertyPath.error.unexpectedArraycom.vmware.vim.propertyPath.error.notAnObjectcom.vmware.vim.propertyPath.error.notFoundcom.vmware.vim.propertyPath.error.stringKeyTypeMismatch.datacom.vmware.vim.propertyPath.error.stringKeyTypeMismatchcom.vmware.vim.propertyPath.error.intKeyTypeMismatch.datacom.vmware.vim.propertyPath.error.intKeyTypeMismatchcom.vmware.vim.propertyPath.error.notAnArraycom.vmware.vim.propertyPath.error.lenghAlreadySeen0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_check_ca
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_private_encrypt
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_INTEGER_to_BN
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.unexpectedArray
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: b:vmware_client"
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS7_cert_from_signer_info
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_PKEY_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_NAME_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DSA_verify
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BUF_strlcpy
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_cleanup
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMWARE.JOURNAL.VER.1.0."
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_clear
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_get_error_line_data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_MD4_Init
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SHA256_Init
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware Virtual Disk Development Kit
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_DEVICE_NOT_CONNECTED)The guest operating system device used for installation of VMware Tools is not connected
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_STRING_to_UTF8
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_ex_new_index
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_read_bio_RSAPrivateKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMWARE.JOURNAL.VER.1.0.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SnapshotGetDisksWorkpolicy.vm.sourcevmidvmx-debug-zdumpvmx-zdumpvmmcorescore.vmware64-corevmware-coreSVGAnextIdFloppyPADRLADRFstoppedintrIdxddLencompRingSizereservedddPAcompRingBaseEthernetlevelStatescsiSeqNumberscsiQuiesceModevidevm.suspendTime.clientDataMStatsfpuLevelStatesmmVersioncpuOut of memoryCheckpoint is from a newer versionBad magic in the headerCan't open the fileUnknown error.Cryptography failed.I/O error.Unrecognized data format.Required key was not supplied.The operation completed successfully.@&!*@*@(msg.vmencryptor.error-NEEDSREPAIR)One of the virtual machine's disks needs repair@&!*@*@(msg.vmencryptor.error-FILE_LOCKED)The virtual machine appears to be in use@&!*@*@(msg.vmencryptor.error-VERSION)Encryption is not allowed on this virtual machine@&!*@*@(msg.vmencryptor.error-DISKSPACE)Insufficient disk space@&!*@*@(msg.vmencryptor.error-HASCLONE)Cannot change the encryption state of a virtual machine that has linked clones@&!*@*@(msg.vmencryptor.error-SNAPSHOTLIB)Snapshot library problem@&!*@*@(msg.vmencryptor.error-UNLOCK_FAILED)Failed to unlock the virtual machine@&!*@*@(msg.vmencryptor.error-BAD_KEY)The password specified is incorrect@&!*@*@(msg.vmencryptor.error-NO_PRIVATE_KEY)Imported key is not a private key@&!*@*@(msg.vmencryptor.error-VM_HAS_CHECKPOINT)Cannot change the encryption state of a virtual machine with a snapshot@&!*@*@(msg.vmencryptor.error-NO_PASSWORD)The virtual machine is not password-protected@&!*@*@(msg.vmencryptor.error-CANCELLED)Operation canceled@&!*@*@(msg.vmencryptor.error-NO_AUTHENT_KEYS)Authentication keys are required@&!*@*@(msg.vmencryptor.error-DISKLIB)Disk problem@&!*@*@(msg.vmencryptor.error-CRYPTO)Encryption libraries problem@&!*@*@(msg.vmencryptor.error-BAD_PARAMETER)Bad parameter@&!*@*@(msg.vmencryptor.error-VM_NOT_ENC)The virtual machine is not encrypted@&!*@*@(msg.vmencryptor.error-UNRECOVERABLE)The virtual machine might be corrupted@&!*@*@(msg.vmencryptor.error-FILEIO)File I/O problem@&!*@*@(msg.vmencryptor.error-KEYSAFE)Key safe library problem@&!*@*@(msg.vmencryptor.error-KEYLOCATOR)Failed to locate keys@&!*@*@(msg.vmencryptor.error-DICTIONARY)Dictionary problem@&!*@*@(msg.vmencryptor.error-UNKNOWN)Unknown error@&!*@*@(msg.vmencryptor.error-NOMEM)Out of memory@&!*@*@(msg.vmencryptor.error-SUCCESS)The operation completed successfully`
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_OpenSSL_add_all_ciphers
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_sk_num
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_HGFS_MOUNT_FAIL)There was an error mounting the Shared Folders file system inside the guest operating system
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_write_bio_PKCS8PrivateKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware VI Client
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_aes_256_xts
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_VerifyFinal
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: bora\lib\log\log.ccustomvmware
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_VERIFY_PARAM_set_flags
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_CIPHER_CTX_block_size
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ?SetVMwareClient@RequestContextMixin@Vmacore@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: GetSystemFirmwareTableKernel32.dllSOFTWARE\%sVMware, Inc.UUIDCreateRandomUnstylized12.0e.x.pproductStateLockIgnoring subsequent product state set
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DH_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_GENERAL_NAMES_free
Source: svchost.exe, 00000012.00000002.3019156896.0000021EAE058000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_use_PrivateKey
Source: is-728T9.tmp.1.dr Binary or memory string: CompanyNameVMware
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509V3_add_standard_extensions
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_read
Source: vstor2-mntapi20-shared.sys.6.dr Binary or memory string: FileDescriptionVMware Virtual Storage Volume Driverj%
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 1998-2019 VMware, Inc.<
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_new
Source: is-VUIE8.tmp.1.dr Binary or memory string: OPENSSLDIR: "C:\Program Files (x86)\VMware\OpenSSL"
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 1998-2019 VMware, Inc.@
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_des_cbc
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_NAME_ENTRY_get_object
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_set_pubkey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DSA_generate_parameters
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.stringKeyTypeMismatch
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS7_get0_signers
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_shutdown
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_free_strings
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_want
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ex 4: vmware-vdiskmanager.exe -x 36GB myDisk.vmdk
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_ALREADY_UP_TO_DATE)VMware Tools are already up to date
Source: starwindconverter.tmp, 00000001.00000003.2104952718.0000000002304000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 0\lib\vmware-vdiskmanager.exe.ex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_DecryptInit_ex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_CRYPTO_malloc
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_free_all
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 1998-2019 VMware, Inc.X
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BN_bn2hex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_load_crypto_strings
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_verify_cert_error_string
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_DecryptFinal_ex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_remove_state
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_new_socket
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Unidad de disco RAM5Tipo de controlador desconocido. Contactar con VMware2GetDiskFreeSpaceEx() f
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RAND_SSLeay
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_PKEY_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_peek_last_error
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_get_verify_callback
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_init
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SOFTWARE\Wow6432Node\VMware, Inc.\VMware Workstation\AccountInfo
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_set_client_CA_list
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_current_cipher
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: W32Util_GetVMwareGroupSid
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SHA256
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_d2i_PKCS7_fp
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.panic.requestSupport.vmSupport.vmx86)
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_HMAC_Init_ex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_quiet_shutdown
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RAND_set_rand_method
Source: starwindconverter.tmp, 00000001.00000002.2811384946.000000000061A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Zrogram Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exe
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSLeay
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_CONF_modules_unload
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_DecryptFinal
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_HMAC_Init
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_TLSv1_2_server_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_s_mem
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_generate_key_ex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.intKeyTypeMismatch.data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 0VMware k0J0OUD0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DH_generate_parameters
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_vfree
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSLv2_client_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_CRYPTO_set_id_callback
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS5_PBKDF2_HMAC
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware User GroupCan't get token info: %s
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: LicensingMyVmwareSync
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_write_bio_RSAPublicKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BN_cmp
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSLv2_method
Source: starwindconverter.tmp, 00000001.00000003.1733811204.00000000022B8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: {app}\lib\vmware-vdiskmanager.exe
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware Workstation
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_error_string
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_new_connect
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: E0No-User-AgentKeep-AlivecloseConnectionUser-AgentVMware VI ClientVMware-clientVMware-client/3
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SHA1
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RAND_file_name
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_i2d_X509_AUX
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ex 1: vmware-vdiskmanager.exe -c -s 850MB -a ide -t 0 myIdeDisk.vmdk
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_CRYPTO_set_mem_functions
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_digest
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_size
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_WRAPPER_PLAYER_NOT_INSTALLED)Service type VIX_SERVICEPROVIDER_VMWARE_PLAYER was specified but not installed
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMWARE_CFG_DIR
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_EncryptInit_ex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware Internal Program Data Ver 0.1R_Crypto() failed
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_STRING_data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_load_verify_locations
Source: SrTasks.exe, 00000014.00000002.2819747854.0000016F51573000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c
Source: is-728T9.tmp.1.dr Binary or memory string: http://www.vmware.com/0/
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_TLSv1_2_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: <VMWARE-EMPTYSTRING>
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Ramdisk drive"Unknown drive type. Contact VMware
Source: SrTasks.exe, 00000014.00000003.2785323228.0000016F5155C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33czd2P
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_DigestFinal_ex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_sk_value
Source: starwindconverter.tmp, 00000001.00000002.2812251955.0000000003591000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\Program Files\StarWind Software\StarWind V2V Converter\lib\vmware-vdiskmanager.exe, includ
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_NAME_get_index_by_NID
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_EXTENSION_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DSA_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_get_issuer_name
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_clear_error
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_new_fp
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_error
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_read
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CompanyNameVMware, Inc.T
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SHA256_Final
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_get_chain
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_HMAC_Final
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CompanyNameVMware, Inc.Z
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_i2d_PublicKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: sconosciuto. Contatta supporto VMware
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_tmp_rsa_callback
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_PKEY_set1_DSA
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_SignFinal
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_PKEY_bits
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_MD4_Final
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_TLSv1_1_server_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_DecryptInit
Source: SrTasks.exe, 00000014.00000003.2742961480.0000016F5155C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b$d
Source: starwindconverter.tmp, 00000001.00000003.2808887043.00000000035AC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Program Files\StarWind Software\StarWind V2V Converter\ssleay32MD.dllC:\Program Files\StarWind Software\StarWind V2V Converter\gsoap.dllC:\Program Files\StarWind Software\StarWind V2V Converter\wastorage.dllC:\Program Files\StarWind Software\StarWind V2V Converter\vcruntime140_1.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-core.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-ec2.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-iam.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-s3.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-auth.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-cal.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-common.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-compression.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-event-stream.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-checksums.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-http.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-io.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-mqtt.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-cpp-sdk-core.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-crt-cpp.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-s3.dllC:\Program Files\StarWind Software\StarWind V2V Converter\aws-c-sdkutils.dllC:\Program Files\StarWind Software\StarWind V2V Converter\testing-resources.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\diskLibPlugin.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\expat.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\glib-2.0.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\gobject-2.0.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\gthread-2.0.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\gvmomi.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\iconv.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\intl.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libcurl.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libeay32.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\liblber.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libldap.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libldap_r.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\libxml2.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\pcre.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\ssleay32.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\ssoclient.dllC:\Program Files\StarWind Software\StarWind V2V Converter\lib\vddkReporter.exeC:\Program Files\StarWind Software\Star
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_new_mem_buf
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_sk_pop_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_new_bio_pair
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_certificate
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_CRYPTO_cleanup_all_ex_data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_library_init
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ex 7: vmware-vdiskmanager.exe -k myDisk.vmdk
Source: SrTasks.exe, 00000014.00000003.2817580024.0000016F51573000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c}d3V
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BN_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_OBJ_obj2nid
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_s2i_ASN1_INTEGER
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_NOT_RUNNING)VMware Tools are not running in the guest
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_public_encrypt
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_d2i_DSAPrivateKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_state_string_long
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_set_verify_cb
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_read_bio_DHparams
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: me de fichiers inconnu. Contactez VMware
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RAND_add
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PKCS12_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DES_set_key
Source: svchost.exe, 00000012.00000002.3019477708.0000021EAE060000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ,@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_alert_type_string_long
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_pending
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_get_subject_name
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_d2i_PKCS12_fp
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: cM vmware-vmacore-"
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_use_certificate_file
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_AUTO_NOT_SUPPORTED)The VMware Tools installation cannot be upgraded automatically
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_CRYPTO_num_locks
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_TLSv1_2_client_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RAND_load_file
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_cert_verify_callback
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_peek
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware-core
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_TOOLS_INSTALL_IMAGE_COPY_FAILED)Could not copy VMware Tools image to the guest operating system
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_HMAC_Update
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_func_error_string
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: authd.forceUseForStandaloneVMXthe VMware Authorization Service%s could not connect to %s for the following reason: %s
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ReleaseVMwarebuild-13861102VixDiskLib: Release socket.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Error code mismatch in multi-line vmware-authd response. First line error code %d, next line %d.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_get_ext_d2i
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BN_set_word
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_use_certificate_chain_file
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: d:\build\ob\bora-13861102\bora\build\release-x64\apps\vmware-vdiskmanager\vmware-vdiskmanager.pdb
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ERR_error_string_n
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_test_flags
Source: vstor2-mntapi20-shared.sys.6.dr Binary or memory string: ProductNameVMware vCenter Converter StandaloneL
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_peer_certificate
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: User-Agent: VMware-client/6.5.0
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_PKEY_copy_parameters
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_default_passwd_cb
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_NAME_get_text_by_NID
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.intKeyTypeMismatch
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMWARE_HTTPSPROXY
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: the VMware Authorization Service
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_write
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_free
Source: VSSVC.exe, 00000011.00000002.3018829606.000002286C577000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000ViuX
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_NAME_add_entry_by_txt
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Badly formed response from vmware-authd: '%s'
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ProductNameVMware Virtual Disk Development KitN
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DSA_size
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware64-core
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: | VMwarePA
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_NAME_print_ex
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SHA256_Transform
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: rimovibile1File system sconosciuto. Contatta supporto VMware
Source: is-VUIE8.tmp.1.dr Binary or memory string: C:\Program Files (x86)\VMware\OpenSSL/certs
Source: starwindconverter.tmp, 00000001.00000003.2104952718.0000000002304000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: \lib\vmware-vdiskmanager.exe
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware-client
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_INTEGER_set
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_renegotiate
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_DigestUpdate
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: RamDisk-Laufwerk3Unbekannter Laufwerktyp. Wenden Sie sich an VMware.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_STRING_type
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_CIPHER_iv_length
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_MNTAPI_INTERNAL)An internal error has occurred. Contact VMware support
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_set_accept_state
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_state
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1647
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RAND_egd
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_get_ext_by_NID
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_OBJ_NAME_add
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_private_decrypt
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_INTEGER_cmp
Source: svchost.exe, 00000018.00000002.3027027290.0000023D4CA5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000018.00000002.3024081333.0000023D4762B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMWARE
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ENGINE_register_all_ciphers
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_PKEY_set1_RSA
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_md5
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_TLSv1_1_client_method
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: %SystemDrive%\%ProgramData%\VMware\vCenterServer\cfg
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: W32Util_GetVMwareGroupSid__vmware__%s: Failed directory attributes check, "%s"
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CIPHER_get_bits
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_i2d_DSAPrivateKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_soap_sessionSOAPAction"
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: FileDescriptionVMware Virtual Disk ManagerJ
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_HMAC
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_sha512
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_load_error_strings
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_aes_128_cbc
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_d2i_PublicKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DH_size
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_SESSION_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_read_bio_RSA_PUBKEY
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_check_private_key
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_set_ex_data
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware-session-nonce
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007433000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: com.vmware.vim.propertyPath.error.notFound
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_CTX_set_cipher_list
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_STORE_CTX_trusted_stack
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_aes_256_ecb
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_AES_cbc_encrypt
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_RSA_public_decrypt
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_ASN1_INTEGER_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_CRL_free
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_d2i_PrivateKey
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_DES_set_odd_parity
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_verify_result
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: @&!*@*@(msg.foundryErrMsgId.VIX_E_OP_NOT_SUPPORTED_ON_NON_VMWARE_VM)The command is supported only on VMware virtual machines
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_EVP_aes_128_ecb
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ex 2: vmware-vdiskmanager.exe -d myDisk.vmdk
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PANIC: %sd:/build/ob/bora-13861102/bora/lib/connect/cnx.c\\.\pipe\vmware-authdpipe%s: Returning false because CnxAuthdProtoConnect failed
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_X509_REQ_set_subject_name
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_d2i_X509
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Session's vmware_client : %1
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_new
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_get_privatekey
Source: svchost.exe, 00000012.00000002.3019156896.0000021EAE042000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ar&Prod_VMware_SATA_CD00#4&224f4
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: build-%05uSOFTWARE\VMware, Inc.\%sversionname%s:%d Buffer too small
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_MD5_Init
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware-authd version (%s) does not match that of client (%u.%u)
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000007744000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware Reserved
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: \\.\pipe\%s\%s.%dVMWARE%s-fdbora\lib\connect\cnxListen.cCnx: No username or IP address received from peer.
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_SSL_set_fd
Source: SrTasks.exe, 00000014.00000003.2752001905.0000016F5155C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WORKGROUPar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_BIO_f_base64
Source: starwindconverter.tmp, 00000001.00000003.2805000516.0000000006E77000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware_PEM_ASN1_read_bio
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe API call chain: ExitProcess graph end node
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe API call chain: ExitProcess graph end node
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Process information queried: ProcessInformation Jump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007EA0AC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 14_2_007EA0AC
Contains functionality to dynamically determine API calls
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00450994 GetVersion,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 1_2_00450994
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007F235D GetProcessHeap,RtlReAllocateHeap, 14_2_007F235D
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007EA0AC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 14_2_007EA0AC
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007E8A42 SetUnhandledExceptionFilter, 14_2_007E8A42
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007E7EAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 14_2_007E7EAA
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A9A0AC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 26_2_00A9A0AC
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A98A42 SetUnhandledExceptionFilter, 26_2_00A98A42
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 26_2_00A97EAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 26_2_00A97EAA
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 27_2_6C6CB88C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 27_2_6C6CB88C
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Code function: 27_2_6C6CC9C1 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 27_2_6C6CC9C1
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DD90B2 SetUnhandledExceptionFilter, 28_2_00DD90B2
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DD851A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 28_2_00DD851A
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Code function: 28_2_00DDA71C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 28_2_00DDA71C
Contains functionality to launch a program with higher privileges
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0047974C ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle, 1_2_0047974C
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic OS get OSArchitecture Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr 64 Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc query vstor2-mntapi20-shared Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc create vstor2-mntapi20-shared type= kernel start= auto error= normal binpath= System32\drivers\vstor2-mntapi20-shared.sys DisplayName= "Vstor2 MntApi 2.0 Driver (shared)" group= System Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc start vstor2-mntapi20-shared Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0042F254 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMutexA, 1_2_0042F254
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_0042E4EC AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid, 1_2_0042E4EC
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: GetLocaleInfoA, 0_2_0040565C
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: GetLocaleInfoA, 0_2_004056A8
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: GetLocaleInfoA, 1_2_004089B8
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: GetLocaleInfoA, 1_2_00408A04
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\logo.png VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\logo.png VolumeInformation
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.140.exe Queries volume information: C:\Users\user\AppData\Local\Temp\{e46eca4f-393b-40df-9f49-076faf788d83}\.ba1\logo.png VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00458DC4 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle, 1_2_00458DC4
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_004026C4 GetSystemTime, 0_2_004026C4
Source: C:\Users\user\AppData\Local\Temp\is-DTP8T.tmp\starwindconverter.tmp Code function: 1_2_00455D38 GetUserNameA, 1_2_00455D38
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Code function: 14_2_007F7D79 GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime, 14_2_007F7D79
Source: C:\Users\user\Desktop\starwindconverter.exe Code function: 0_2_00404654 GetModuleHandleA,GetVersion,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetProcessDEPPolicy, 0_2_00404654
Source: C:\Program Files\StarWind Software\StarWind V2V Converter\vc\vc_redist.x64.130.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1432220 Sample: starwindconverter.exe Startdate: 26/04/2024 Architecture: WINDOWS Score: 11 7 starwindconverter.exe 2 2->7         started        10 msiexec.exe 2->10         started        12 chrome.exe 2->12         started        15 6 other processes 2->15 dnsIp3 55 C:\Users\user\...\starwindconverter.tmp, PE32 7->55 dropped 17 starwindconverter.tmp 25 85 7->17         started        57 C:\Windows\System32\vcomp120.dll, PE32+ 10->57 dropped 59 C:\Windows\System32\vcamp120.dll, PE32+ 10->59 dropped 61 C:\Windows\System32\mfc120rus.dll, PE32+ 10->61 dropped 63 9 other files (none is malicious) 10->63 dropped 77 192.168.2.4, 138, 443, 49731 unknown unknown 12->77 79 239.255.255.250 unknown Reserved 12->79 20 chrome.exe 12->20         started        81 127.0.0.1 unknown unknown 15->81 23 conhost.exe 15->23         started        25 vcredist_x64.exe 15->25         started        file4 process5 dnsIp6 47 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 17->47 dropped 49 C:\Program Files\...\wastorage.dll (copy), PE32+ 17->49 dropped 51 C:\...\vcruntime140_1.dll (copy), PE32+ 17->51 dropped 53 113 other files (none is malicious) 17->53 dropped 27 cmd.exe 2 17->27         started        30 vc_redist.x64.130.exe 34 18 17->30         started        32 vc_redist.x64.140.exe 17->32         started        75 www.google.com 142.250.64.196, 443, 49742, 49743 GOOGLEUS United States 20->75 file7 process8 file9 71 C:\Windows\...\vstor2-mntapi20-shared.sys, PE32+ 27->71 dropped 34 WMIC.exe 1 27->34         started        36 conhost.exe 27->36         started        38 findstr.exe 1 27->38         started        45 3 other processes 27->45 73 C:\ProgramData\...\vcredist_x64.exe, PE32 30->73 dropped 40 vc_redist.x64.130.exe 18 30->40         started        43 vc_redist.x64.140.exe 32->43         started        process10 file11 65 C:\Users\user\AppData\...\vcredist_x64.exe, PE32 40->65 dropped 67 C:\Users\user\AppData\Local\...\wixstdba.dll, PE32 40->67 dropped 69 C:\Users\user\AppData\Local\...\wixstdba.dll, PE32 43->69 dropped
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.64.196
 www.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false

Private

IP
192.168.2.4
127.0.0.1

Contacted Domains

Name IP Active
www.google.com 142.250.64.196 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 false
    		high
    https://www.google.com/async/newtab_promos false
      		high
      https://www.google.com/async/ddljson?async=ntp:2 false
        		high
        https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw false
          		high
          https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmgZjcGM-ar7EGIjAqkOFqfrWsUuYYc-cHY4mS2DMqZX8MiAbTgaXolWeyzV_Jwf75R-0hkajKDO7EEd0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
            		high
            https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmgZjcGM-ar7EGIjDPDwLUDTsFOtyhKJAT5DyNT4-JYGy8AQvI_i61IsKnO-HCW4ZF9DcmjkgW5xqtABsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM false
              		high