Source: PRTService.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: C:\Users\user\Desktop\PRTService.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll |
Source: PRTService.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: | Binary string: C:\Dev\CliSecure\Libraries\MSILJitter\bin\RELEASE\win32\AgileDotNetRT.pdb source: PRTService.exe, 00000001.00000002.207457246.000000006E481000.00000002.00020000.sdmp, AgileDotNetRT.dll.1.dr |
Source: | Binary string: C:\Windows\exe\PRTService.pdb source: PRTService.exe, 00000001.00000002.206457935.0000000003195000.00000004.00000040.sdmp |
Source: | Binary string: V:\ID-CHECK\Windows\NetDLL\Release\IDCheckNet.pdb source: PRTService.exe |
Source: | Binary string: C:\Windows\symbols\exe\PRTService.pdb source: PRTService.exe, 00000001.00000002.206457935.0000000003195000.00000004.00000040.sdmp |
Source: | Binary string: V:\ID-Check\IDCDeviceController\NetDeviceController\Release\IDCDeviceControllerNet.pdb source: PRTService.exe |
Source: | Binary string: mscorjit.pdb source: PRTService.exe, 00000001.00000002.207332184.0000000005A60000.00000004.00000001.sdmp |
Source: | Binary string: C:\Windows\PRTService.pdb` source: PRTService.exe, 00000001.00000002.206457935.0000000003195000.00000004.00000040.sdmp |
Source: | Binary string: indows\PRTService.pdbpdbice.pdbs\ source: PRTService.exe, 00000001.00000002.206457935.0000000003195000.00000004.00000040.sdmp |
Source: | Binary string: .pdb3 source: PRTService.exe, 00000001.00000002.206095329.0000000001336000.00000004.00000001.sdmp |
Source: | Binary string: c:\Users\CarlosQ\Documents\Visual Studio 2012\Projects\ASAIComLayer\PRTService\obj\Release\PRTService.pdb source: PRTService.exe |
Source: | Binary string: C:\Users\user\Desktop\PRTService.pdb source: PRTService.exe, 00000001.00000002.206457935.0000000003195000.00000004.00000040.sdmp |
Source: | Binary string: mscorjit.pdb{ source: PRTService.exe, 00000001.00000002.207332184.0000000005A60000.00000004.00000001.sdmp |
Source: | Binary string: symbols\exe\PRTService.pdb source: PRTService.exe, 00000001.00000002.206095329.0000000001336000.00000004.00000001.sdmp |
Source: | Binary string: 1<pC:\Windows\PRTService.pdb source: PRTService.exe, 00000001.00000002.206095329.0000000001336000.00000004.00000001.sdmp |
Source: | Binary string: mscorrc.pdb source: PRTService.exe, 00000001.00000002.207107980.00000000057B0000.00000002.00000001.sdmp |
Source: | Binary string: c:\Users\CarlosQ\Documents\Visual Studio 2012\Projects\ASAIComLayer\PRTService\obj\Release\PRTService.pdb\ source: PRTService.exe, 00000001.00000002.206457935.0000000003195000.00000004.00000040.sdmp |
Source: | Binary string: C:\Users\user\Desktop.pdbervice.exe < source: PRTService.exe, 00000001.00000002.206095329.0000000001336000.00000004.00000001.sdmp |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_00EC29D8 |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_00EC345E |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_00EC2050 |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_00F529D8 |
Source: C:\Users\user\Desktop\PRTService.exe | Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 852 |
Source: PRTService.exe | Binary or memory string: OriginalFilename vs PRTService.exe |
Source: PRTService.exe, 00000001.00000002.207476598.000000006E486000.00000002.00020000.sdmp | Binary or memory string: OriginalFilename vs PRTService.exe |
Source: PRTService.exe, 00000001.00000000.197033489.0000000000EF8000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameIDCDeviceControllerNet.dllD vs PRTService.exe |
Source: PRTService.exe, 00000001.00000000.197033489.0000000000EF8000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameIDCheckNet.dllH vs PRTService.exe |
Source: PRTService.exe, 00000001.00000002.207107980.00000000057B0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs PRTService.exe |
Source: PRTService.exe, 00000001.00000002.207177360.0000000005810000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs PRTService.exe |
Source: PRTService.exe | Binary or memory string: OriginalFilenameIDCDeviceControllerNet.dllD vs PRTService.exe |
Source: PRTService.exe | Binary or memory string: OriginalFilenameIDCheckNet.dllH vs PRTService.exe |
Source: AgileDotNetRT.dll.1.dr | Static PE information: Section: .reloc IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: classification engine | Classification label: sus26.evad.winEXE@3/4@0/0 |
Source: C:\Users\user\Desktop\PRTService.exe | File created: C:\Users\user\AppData\Local\Temp\1d7a2c72-3aee-4299-91f8-2280595a512b |
Source: PRTService.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\PRTService.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll |
Source: C:\Users\user\Desktop\PRTService.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp |
Source: C:\Users\user\Desktop\PRTService.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp |
Source: C:\Users\user\Desktop\PRTService.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | File read: C:\Windows\System32\drivers\etc\hosts |
Source: PRTService.exe | String found in binary or memory: Load Timed Out/LoadJurisTable Status: |
Source: C:\Users\user\Desktop\PRTService.exe | File read: C:\Users\user\Desktop\PRTService.exe |
Source: unknown | Process created: C:\Users\user\Desktop\PRTService.exe 'C:\Users\user\Desktop\PRTService.exe' |
Source: C:\Users\user\Desktop\PRTService.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 |
Source: C:\Users\user\Desktop\PRTService.exe | File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll |
Source: PRTService.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: PRTService.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E478500 GetCurrentProcess,GetCurrentProcess,GetFileVersionInfoSizeW,GetProcessHeap,HeapAlloc,GetFileVersionInfoW,LoadLibraryW,GetProcAddress,GetProcessHeap,HeapFree, |
Source: AgileDotNetRT.dll.1.dr | Static PE information: section name: .textbss |
Source: AgileDotNetRT.dll.1.dr | Static PE information: section name: .didat |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_00EC31F4 push ecx; retf 0000h |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_00F19CD4 push eax; ret |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_00F70498 push eax; ret |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_00F19EA7 push ecx; ret |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E47569E push eax; ret |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48AE07 push 00000C3Fh; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48A621 push 000003C8h; mov dword ptr [esp], ebx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48A688 push 000023F7h; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E488F68 push 000073FDh; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E488717 push 000010B9h; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48B7C3 push 00001947h; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E489C41 push 00001F00h; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E489463 push 00007DDCh; mov dword ptr [esp], ebp |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E488C34 push 00007802h; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48B4AA push 00007F81h; mov dword ptr [esp], ebx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48AD67 push 0000183Fh; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E487DCD push 00000237h; mov dword ptr [esp], esi |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48AA36 push 00003619h; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48C348 push 00004A85h; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48831F push 000008ABh; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48A3AE push 000063D4h; mov dword ptr [esp], ecx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48B068 push 00000FACh; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48902C push 00002D0Eh; mov dword ptr [esp], edi |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48A82F push 000019CCh; mov dword ptr [esp], esp |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48B8D6 push 0000142Bh; mov dword ptr [esp], eax |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48997F push 0000120Bh; mov dword ptr [esp], edx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48A93F push 00005B3Dh; mov dword ptr [esp], ebx |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E48A1D0 push 00000289h; mov dword ptr [esp], edi |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E4889FD push 00006D00h; mov dword ptr [esp], eax |
Source: initial sample | Static PE information: section name: .text entropy: 6.82449258024 |
Source: initial sample | Static PE information: section name: .reloc entropy: 7.44136591955 |
Source: C:\Users\user\Desktop\PRTService.exe | File created: C:\Users\user\AppData\Local\Temp\1d7a2c72-3aee-4299-91f8-2280595a512b\AgileDotNetRT.dll |
Source: C:\Users\user\Desktop\PRTService.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PRTService.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\PRTService.exe | RDTSC instruction interceptor: First address: 000000006E472D12 second address: 000000006E472D96 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-10h], eax 0x00000005 mov dword ptr [ebp-0Ch], edx 0x00000008 mov eax, dword ptr [ebp-10h] 0x0000000b sub eax, dword ptr [ebp-08h] 0x0000000e mov edx, dword ptr [ebp-0Ch] 0x00000011 sbb edx, dword ptr [ebp-04h] 0x00000014 pop edi 0x00000015 pop esi 0x00000016 pop ebx 0x00000017 mov esp, ebp 0x00000019 pop ebp 0x0000001a ret 0x0000001b mov dword ptr [6E4833C0h], eax 0x00000020 mov dword ptr [6E4833C4h], edx 0x00000026 mov dword ptr [ebp-0Ch], 00000000h 0x0000002d jmp 00007FF90CA8700Bh 0x0000002f mov eax, dword ptr [ebp-0Ch] 0x00000032 cmp eax, dword ptr [ebp+08h] 0x00000035 jnl 00007FF90CA87046h 0x00000037 rdtsc |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E472D50 rdtsc |
Source: PRTService.exe, 00000001.00000002.207177360.0000000005810000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: PRTService.exe, 00000001.00000002.207177360.0000000005810000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: PRTService.exe, 00000001.00000002.207177360.0000000005810000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: PRTService.exe, 00000001.00000002.207177360.0000000005810000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\PRTService.exe | Process queried: DebugPort |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E47EF00 GetProcessHeap,RtlAllocateHeap, |
Source: C:\Users\user\Desktop\PRTService.exe | Memory allocated: page read and write | page guard |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E4767C0 MessageBoxW,GetSystemTimeAsFileTime,CompareFileTime,MessageBoxW, |
Source: C:\Users\user\Desktop\PRTService.exe | Code function: 1_2_6E471EA0 GetVersionExW, |