Source: cambridge.shareholdersuite.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: cambridge.shareholdersuite.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 808 |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
File read: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Source: C:\Windows\SysWOW64\WerFault.exe |
File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER74FA.tmp |
Source: cambridge.shareholdersuite.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: cambridge.shareholdersuite.exe |
Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01% |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf92dcc11e428fd5adf02632b5d4414f\mscorlib.ni.dll |
Source: C:\Windows\SysWOW64\WerFault.exe |
Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf92dcc11e428fd5adf02632b5d4414f\mscorlib.ni.dll |
Source: classification engine |
Classification label: clean2.winEXE@2/6@0/10 |
Source: unknown |
Process created: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 |
Source: C:\Windows\SysWOW64\WerFault.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6440 |
Source: C:\Windows\SysWOW64\WerFault.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll |
Source: cambridge.shareholdersuite.exe |
Static file information: File size 16980992 > 1048576 |
Source: cambridge.shareholdersuite.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR |
Source: cambridge.shareholdersuite.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: cambridge.shareholdersuite.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1018600 |
Source: cambridge.shareholdersuite.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Process queried: DebugPort |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Memory allocated: page read and write | page guard |
Source: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe |
Queries volume information: C:\Users\alfredo\Desktop\cambridge.shareholdersuite.exe VolumeInformation |
Source: C:\Windows\SysWOW64\WerFault.exe |
Queries volume information: C:\ProgramData\Microsoft\Windows\WER\Temp VolumeInformation |
Source: C:\Windows\SysWOW64\WerFault.exe |
Queries volume information: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_cambridge.shareh_b0b1b6854f979e9e27d3f079aaadcb4db67090f2_dd0f84fe_82132d7a-9be1-4710-9e0b-377f233cb68f\Report.wer VolumeInformation |