Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdbrNv source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D93000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: oC:\Windows\Microsoft.NET\Framework\v4.0.30319\applaunch.pdbx source: AppLaunch.exe, 00000001.00000002.2909855431.00000000005E8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D93000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004CEA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.1680721486.00000000059B0000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.1680721486.00000000059B0000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D34000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\applaunch.pdb]qnS* source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D6A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\System.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D6A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: ^symbols\exe\applaunch.pdb source: AppLaunch.exe, 00000001.00000002.2909855431.00000000005E8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: o.pdb source: AppLaunch.exe, 00000001.00000002.2909855431.00000000005E8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdblZ source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D34000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004CEA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: IL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: AppLaunch.exe, 00000001.00000002.2914980573.0000000009330000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: %%.pdb source: AppLaunch.exe, 00000001.00000002.2909855431.00000000005E8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\applaunch.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D34000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\applaunch.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D93000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D34000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2910684393.0000000004CEA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\applaunch.pdb]q6 source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D6A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D34000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: applaunch.pdblaunch.pdbpdbnch.pdb.0.30319\applaunch.pdb source: AppLaunch.exe, 00000001.00000002.2909855431.00000000005E8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D6A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: n4C:\Windows\applaunch.pdbA source: AppLaunch.exe, 00000001.00000002.2909855431.00000000005E8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\exe\applaunch.pdbdb source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D34000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: applaunch.pdb source: AppLaunch.exe, 00000001.00000002.2909855431.00000000005E8000.00000004.00000010.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2910684393.0000000004D34000.00000004.00000020.00020000.00000000.sdmp, AppLaunch.exe, 00000001.00000002.2910684393.0000000004CEA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\applaunch.pdbpdbnch.pdbXp source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D34000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\System.pdbt source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D6A000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\applaunch.pdbfo source: AppLaunch.exe, 00000001.00000002.2910684393.0000000004D93000.00000004.00000020.00020000.00000000.sdmp |
Source: file.exe, 00000000.00000002.1660234081.0000000002619000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-net |
Source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-netJ |
Source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-neti |
Source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/11564914/23354; |
Source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.1660234081.0000000002619000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/14436606/23354 |
Source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/2152978/23354 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0257CB3C |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0257F3B8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_0257F3A8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05A20007 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05A20040 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05B93570 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05B96BC8 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05B93560 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05B96BB9 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05CAE7F0 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05CADD70 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05C90040 |
Source: C:\Users\user\Desktop\file.exe |
Code function: 0_2_05C90006 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 1_2_04B61580 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 1_2_04B648F0 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 1_2_04B64900 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 1_2_04B612F8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 1_2_04B612E8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 1_2_04B63FA8 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Code function: 1_2_04B63F3F |
Source: file.exe, 00000000.00000002.1659447623.000000000078E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs file.exe |
Source: file.exe, 00000000.00000002.1660234081.0000000002AA4000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameTniqh.exe" vs file.exe |
Source: file.exe, 00000000.00000002.1680721486.00000000059B0000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe |
Source: file.exe, 00000000.00000000.1650998732.0000000000332000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamez1.exez- vs file.exe |
Source: file.exe, 00000000.00000002.1680588817.0000000005960000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe |
Source: file.exe, 00000000.00000002.1660234081.00000000025A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs file.exe |
Source: file.exe, 00000000.00000002.1679440484.0000000005740000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameLajlcgecf.dll" vs file.exe |
Source: file.exe |
Binary or memory string: OriginalFilenamez1.exez- vs file.exe |
Source: file.exe, Fjbpzvxmnsr.cs |
Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.2.file.exe.3a76240.0.raw.unpack, FieldCalculator.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.file.exe.3a76240.0.raw.unpack, FilteredInspector.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.AppLaunch.exe.7ca5aa0.3.raw.unpack, l1mI9VWxRGlEZlS2FR7.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.AppLaunch.exe.7d45ac0.4.raw.unpack, l1mI9VWxRGlEZlS2FR7.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.file.exe.59b0000.5.raw.unpack, TaskPrincipal.cs |
Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 0.2.file.exe.59b0000.5.raw.unpack, TaskSecurity.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges() |
Source: 0.2.file.exe.59b0000.5.raw.unpack, TaskSecurity.cs |
Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule) |
Source: 0.2.file.exe.59b0000.5.raw.unpack, TaskFolder.cs |
Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: 0.2.file.exe.59b0000.5.raw.unpack, User.cs |
Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type) |
Source: 0.2.file.exe.59b0000.5.raw.unpack, Task.cs |
Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\file.exe |
Section loaded: gpapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: mscoree.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: version.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: wtsapi32.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: winsta.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: wldp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: profapi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: cryptsp.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: rsaenh.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: amsi.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: userenv.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: msasn1.dll |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Section loaded: gpapi.dll |
Source: 0.2.file.exe.5960000.4.raw.unpack, TypeModel.cs |
.Net Code: TryDeserializeList |
Source: 0.2.file.exe.5960000.4.raw.unpack, ListDecorator.cs |
.Net Code: Read |
Source: 0.2.file.exe.5960000.4.raw.unpack, TypeSerializer.cs |
.Net Code: CreateInstance |
Source: 0.2.file.exe.5960000.4.raw.unpack, TypeSerializer.cs |
.Net Code: EmitCreateInstance |
Source: 0.2.file.exe.5960000.4.raw.unpack, TypeSerializer.cs |
.Net Code: EmitCreateIfNull |
Source: 0.2.file.exe.3a76240.0.raw.unpack, FieldCalculator.cs |
.Net Code: CalculateInterruptibleCalculator System.AppDomain.Load(byte[]) |
Source: 0.2.file.exe.59b0000.5.raw.unpack, ReflectionHelper.cs |
.Net Code: InvokeMethod |
Source: 0.2.file.exe.59b0000.5.raw.unpack, XmlSerializationHelper.cs |
.Net Code: ReadObjectProperties |
Source: 0.2.file.exe.5740000.2.raw.unpack, asXkdacxwMNyu0Oyerq.cs |
High entropy of concatenated method names: 'NTwZu9ZRgC', 'icGyu4GKsds5wJKvHYY', 'cTCRSxGtnAXV86jeErZ', 'I6XQDo3yO8mwH4krEjW', 'uhBHhL3AmI1h0DwFiAR' |
Source: 1.2.AppLaunch.exe.7ca5aa0.3.raw.unpack, l1mI9VWxRGlEZlS2FR7.cs |
High entropy of concatenated method names: 'd3r12FfPlROKris5kd5', 'Dy2fgvf13Ttq9W2HyGy', 'L0ZDGctTRZ', 'vh0ry9Sq2v', 'kNxD5JF74r', 'QomDFb1AZl', 'vZqDUefvMl', 'sMFDQmmNes', 'mg9bPkQUJR', 'vEiWWHIOXA' |
Source: 1.2.AppLaunch.exe.7ca5aa0.3.raw.unpack, CYZLnWjtrLQ88n28yrv.cs |
High entropy of concatenated method names: 'aYCjTbU6MH', 'VM5jPV6Rm5', 'nMdj1Hch4a', 'MZ2jSj1NIh', 'vQPjr4KsGi', 'Jlgjqxc2Dh', 'hSWjYWAejI', 'pRJjmxFYGu', 'Xphj2If8pf', 'Y59jKkKT5A' |
Source: 1.2.AppLaunch.exe.7ca5aa0.3.raw.unpack, d7OgCi5UloRlxyvSUa.cs |
High entropy of concatenated method names: 'U8pUTTqy4', 'PaJQnjdvf', 'UMjHWePCb', 'tiMi1WRud', 'fnZ9cO576', 'SxhaciWaT', 'WF2JlGUQc', 'cQxePyr2l', 'Q2nhxl3Bw', 'vLDy2hKqqVNpvOhrSea' |
Source: 1.2.AppLaunch.exe.7ca5aa0.3.raw.unpack, xJPnJRjl4fjI8X2Ou3h.cs |
High entropy of concatenated method names: 'kQW1PIwwZj', 'lWm11ecZPO', 'pbb1SRVWXd', 'env1ramKIg', 'HN41qfgkgj', 'MOv1YhVkcd', 'Rkx1mrTXER', 's3SjQr0NIy', 'oYL12HIWq4', 'Fxh1Kvlx9C' |
Source: 1.2.AppLaunch.exe.7ca5aa0.3.raw.unpack, ls10XCqKLD6JpYxt1c.cs |
High entropy of concatenated method names: 'VfrXRxXV0', 'w64bh5hID', 'u2LEecY64', 'oR6pmFDHU', 'Q9KmqALhv', 'Hgx2MEqde', 'wNQKrxTT2', 'xHKl9IIc3', 'S19fwGV7H', 'HMTCaKRD3' |
Source: 1.2.AppLaunch.exe.7d45ac0.4.raw.unpack, l1mI9VWxRGlEZlS2FR7.cs |
High entropy of concatenated method names: 'd3r12FfPlROKris5kd5', 'Dy2fgvf13Ttq9W2HyGy', 'L0ZDGctTRZ', 'vh0ry9Sq2v', 'kNxD5JF74r', 'QomDFb1AZl', 'vZqDUefvMl', 'sMFDQmmNes', 'mg9bPkQUJR', 'vEiWWHIOXA' |
Source: 1.2.AppLaunch.exe.7d45ac0.4.raw.unpack, CYZLnWjtrLQ88n28yrv.cs |
High entropy of concatenated method names: 'aYCjTbU6MH', 'VM5jPV6Rm5', 'nMdj1Hch4a', 'MZ2jSj1NIh', 'vQPjr4KsGi', 'Jlgjqxc2Dh', 'hSWjYWAejI', 'pRJjmxFYGu', 'Xphj2If8pf', 'Y59jKkKT5A' |
Source: 1.2.AppLaunch.exe.7d45ac0.4.raw.unpack, d7OgCi5UloRlxyvSUa.cs |
High entropy of concatenated method names: 'U8pUTTqy4', 'PaJQnjdvf', 'UMjHWePCb', 'tiMi1WRud', 'fnZ9cO576', 'SxhaciWaT', 'WF2JlGUQc', 'cQxePyr2l', 'Q2nhxl3Bw', 'vLDy2hKqqVNpvOhrSea' |
Source: 1.2.AppLaunch.exe.7d45ac0.4.raw.unpack, xJPnJRjl4fjI8X2Ou3h.cs |
High entropy of concatenated method names: 'kQW1PIwwZj', 'lWm11ecZPO', 'pbb1SRVWXd', 'env1ramKIg', 'HN41qfgkgj', 'MOv1YhVkcd', 'Rkx1mrTXER', 's3SjQr0NIy', 'oYL12HIWq4', 'Fxh1Kvlx9C' |
Source: 1.2.AppLaunch.exe.7d45ac0.4.raw.unpack, ls10XCqKLD6JpYxt1c.cs |
High entropy of concatenated method names: 'VfrXRxXV0', 'w64bh5hID', 'u2LEecY64', 'oR6pmFDHU', 'Q9KmqALhv', 'Hgx2MEqde', 'wNQKrxTT2', 'xHKl9IIc3', 'S19fwGV7H', 'HMTCaKRD3' |
Source: C:\Users\user\Desktop\file.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |