Source: | Binary string: /_/artifacts/obj/manual.System/net6.0-Release/System.pdbSHA256n source: DHLIN00178.exe, 00000000.00000003.302938136.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.dll.0.dr |
Source: | Binary string: maintenanceservice.pdb@ 0%P% source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography.X509Certificates\net6.0-windows-Release\System.Security.Cryptography.X509Certificates.pdb source: DHLIN00178.exe, 00000000.00000003.301912869.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.0.dr |
Source: | Binary string: /_/artifacts/obj/manual.System/net6.0-Release/System.pdb source: DHLIN00178.exe, 00000000.00000003.302938136.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.dll.0.dr |
Source: | Binary string: System.Security.Cryptography.X509Certificates.ni.pdb source: DHLIN00178.exe, 00000000.00000003.301912869.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.0.dr |
Source: | Binary string: E:\Builds\221\N2\HO_SE_g_2016_r_0\Sources\SolutionExplorer\target\nar\bin\x86-Windows-msvc\release\SolutionExplorerCLI.pdb source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr |
Source: | Binary string: maintenanceservice.pdb source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0 |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05 |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K |
Source: DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: DHLIN00178.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: DHLIN00178.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://ocsp.digicert.com0C |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://ocsp.digicert.com0N |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://ocsp.digicert.com0O |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://ocsp.thawte.com0 |
Source: DHLIN00178.exe | String found in binary or memory: http://s.symcb.com/universal-root.crl0 |
Source: DHLIN00178.exe | String found in binary or memory: http://s.symcd.com06 |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://s2.symcb.com0 |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://sv.symcb.com/sv.crl0f |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://sv.symcd.com0& |
Source: DHLIN00178.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0( |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: DHLIN00178.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0 |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: DHLIN00178.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com0; |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://www.nero.com |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://www.symauth.com/cps0( |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: http://www.symauth.com/rpa00 |
Source: DHLIN00178.exe, 00000000.00000003.301912869.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.0.dr | String found in binary or memory: https://aka.ms/dotnet-warnings/ |
Source: DHLIN00178.exe, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: https://d.symcb.com/cps0% |
Source: DHLIN00178.exe, SolutionExplorerCLI.dll.0.dr | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: DHLIN00178.exe | String found in binary or memory: https://d.symcb.com/rpa0. |
Source: DHLIN00178.exe, 00000000.00000003.302938136.000000000285D000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.301912869.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.0.dr, System.dll.0.dr | String found in binary or memory: https://github.com/dotnet/runtime |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr | String found in binary or memory: https://mozilla.org0 |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr, libpkcs11-helper-1.dll.0.dr | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: C:\Users\user\Desktop\DHLIN00178.exe | Code function: 0_2_0040523F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamemaintenanceservice.exe0 vs DHLIN00178.exe |
Source: DHLIN00178.exe, 00000000.00000003.302938136.000000000285D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSystem.dll@ vs DHLIN00178.exe |
Source: DHLIN00178.exe, 00000000.00000003.303404197.0000000002850000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamepkcs11-helper-1.dll" vs DHLIN00178.exe |
Source: DHLIN00178.exe, 00000000.00000003.301912869.000000000285D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSystem.Security.Cryptography.X509Certificates.dll@ vs DHLIN00178.exe |
Source: DHLIN00178.exe, 00000000.00000000.297999604.0000000000469000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameBrankningens.exeDVarFileInfo$ vs DHLIN00178.exe |
Source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSolutionExplorerCLI.dll vs DHLIN00178.exe |
Source: DHLIN00178.exe | Binary or memory string: OriginalFilenameBrankningens.exeDVarFileInfo$ vs DHLIN00178.exe |
Source: C:\Users\user\Desktop\DHLIN00178.exe | Code function: 0_2_00403235 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: C:\Users\user\Desktop\DHLIN00178.exe | Code function: 0_2_00403235 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |
Source: | Binary string: /_/artifacts/obj/manual.System/net6.0-Release/System.pdbSHA256n source: DHLIN00178.exe, 00000000.00000003.302938136.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.dll.0.dr |
Source: | Binary string: maintenanceservice.pdb@ 0%P% source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr |
Source: | Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography.X509Certificates\net6.0-windows-Release\System.Security.Cryptography.X509Certificates.pdb source: DHLIN00178.exe, 00000000.00000003.301912869.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.0.dr |
Source: | Binary string: /_/artifacts/obj/manual.System/net6.0-Release/System.pdb source: DHLIN00178.exe, 00000000.00000003.302938136.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.dll.0.dr |
Source: | Binary string: System.Security.Cryptography.X509Certificates.ni.pdb source: DHLIN00178.exe, 00000000.00000003.301912869.000000000285D000.00000004.00000020.00020000.00000000.sdmp, System.Security.Cryptography.X509Certificates.dll.0.dr |
Source: | Binary string: E:\Builds\221\N2\HO_SE_g_2016_r_0\Sources\SolutionExplorer\target\nar\bin\x86-Windows-msvc\release\SolutionExplorerCLI.pdb source: DHLIN00178.exe, 00000000.00000003.301192260.0000000002857000.00000004.00000020.00020000.00000000.sdmp, SolutionExplorerCLI.dll.0.dr |
Source: | Binary string: maintenanceservice.pdb source: DHLIN00178.exe, 00000000.00000003.303732226.0000000002855000.00000004.00000020.00020000.00000000.sdmp, maintenanceservice2.exe.0.dr |
Source: libdatrie-1.dll.0.dr | Static PE information: section name: .xdata |
Source: libpkcs11-helper-1.dll.0.dr | Static PE information: section name: .xdata |
Source: maintenanceservice2.exe.0.dr | Static PE information: section name: .00cfg |
Source: percentile.dll.0.dr | Static PE information: section name: .xdata |
Source: percentile.dll.0.dr | Static PE information: section name: /4 |
Source: percentile.dll.0.dr | Static PE information: section name: /19 |
Source: percentile.dll.0.dr | Static PE information: section name: /31 |
Source: percentile.dll.0.dr | Static PE information: section name: /45 |
Source: percentile.dll.0.dr | Static PE information: section name: /57 |
Source: percentile.dll.0.dr | Static PE information: section name: /70 |
Source: percentile.dll.0.dr | Static PE information: section name: /81 |
Source: percentile.dll.0.dr | Static PE information: section name: /92 |
Source: C:\Users\user\Desktop\DHLIN00178.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Maattet\SolutionExplorerCLI.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\DHLIN00178.exe | File created: C:\Users\user\AppData\Local\Temp\nsb19E8.tmp\System.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\DHLIN00178.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Pointberegningernes241\Chaiselongs\Whatchamacallits76\querciflorae\System.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\DHLIN00178.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Stingily\Nebularise\stormagasiners\libpkcs11-helper-1.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\DHLIN00178.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Stingily\Nebularise\stormagasiners\maintenanceservice2.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\DHLIN00178.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Pointberegningernes241\Chaiselongs\Whatchamacallits76\querciflorae\libdatrie-1.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\DHLIN00178.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Mandslinien\Characterizable\Senilitetstegnet\percentile.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\DHLIN00178.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Maattet\System.Security.Cryptography.X509Certificates.dll | Jump to dropped file |
Source: C:\Users\user\Desktop\DHLIN00178.exe | Code function: 0_2_00403235 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, |