Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\neverlocation.exe |
Avira: detection malicious, Label: HEUR/AGEN.1309900 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Avira: detection malicious, Label: HEUR/AGEN.1309900 |
Source: C:\Users\user\AppData\Local\cvchost.exe |
Avira: detection malicious, Label: HEUR/AGEN.1309900 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
ReversingLabs: Detection: 60% |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\neverlocation.exe |
ReversingLabs: Detection: 75% |
Source: C:\Users\user\AppData\Local\cvchost.exe |
ReversingLabs: Detection: 75% |
Source: PfvmSWvg37.exe |
ReversingLabs: Detection: 50% |
Source: Submitted Sample |
Integrated Neural Analysis Model: Matched 83.1% probability |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\neverlocation.exe |
Joe Sandbox ML: detected |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Joe Sandbox ML: detected |
Source: C:\Users\user\AppData\Local\cvchost.exe |
Joe Sandbox ML: detected |
Source: unknown |
HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49707 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.5:49726 version: TLS 1.2 |
Source: PfvmSWvg37.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\Windows\MSBuild.pdbpdbild.pdbD source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Zmbunaafzj.pdb source: MSBuild.exe, 0000000A.00000002.3310327325.0000000004213000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.3321253455.0000000005430000.00000004.08000000.00040000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.3310327325.0000000003F2C000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.3308775930.0000000002D81000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wextract.pdb source: PfvmSWvg37.exe |
Source: |
Binary string: wextract.pdbGCTL source: PfvmSWvg37.exe |
Source: |
Binary string: \??\C:\Windows\exe\MSBuild.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: MSBuild.exe, 0000000A.00000002.3304886604.0000000001038000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb] source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: n.pdb source: MSBuild.exe, 0000000A.00000002.3304717281.0000000000EF8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.pdb# source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: justleadership.exe, 00000002.00000002.2512740857.0000000006AA0000.00000004.08000000.00040000.00000000.sdmp, justleadership.exe, 00000002.00000002.2500456520.0000000004062000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000002.00000002.2500456520.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000002.00000002.2486410922.0000000003389000.00000004.00000800.00020000.00000000.sdmp, neverlocation.exe, 00000009.00000002.2973069664.0000000003E5A000.00000004.00000800.00020000.00000000.sdmp, neverlocation.exe, 00000009.00000002.2956118773.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: n0C:\Windows\MSBuild.pdb^t source: MSBuild.exe, 0000000A.00000002.3304717281.0000000000EF8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: inaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: justleadership.exe, 00000002.00000002.2512740857.0000000006AA0000.00000004.08000000.00040000.00000000.sdmp, justleadership.exe, 00000002.00000002.2500456520.0000000004062000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000002.00000002.2500456520.0000000003EF1000.00000004.00000800.00020000.00000000.sdmp, justleadership.exe, 00000002.00000002.2486410922.0000000003389000.00000004.00000800.00020000.00000000.sdmp, neverlocation.exe, 00000009.00000002.2973069664.0000000003E5A000.00000004.00000800.00020000.00000000.sdmp, neverlocation.exe, 00000009.00000002.2956118773.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdbSHA256}Lq source: justleadership.exe, 00000002.00000002.2511609124.0000000006990000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\MSBuild.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdb source: justleadership.exe, 00000002.00000002.2511609124.0000000006990000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.pdbEVz source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbil& source: MSBuild.exe, 0000000A.00000002.3304886604.0000000001045000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: symbols\exe\MSBuild.pdb source: MSBuild.exe, 0000000A.00000002.3304717281.0000000000EF8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: System.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000001038000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb(og source: MSBuild.exe, 0000000A.00000002.3304717281.0000000000EF8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000001038000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\exe\MSBuild.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: MSBuild.exe, 0000000A.00000002.3304886604.0000000001035000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 0000000A.00000002.3304717281.0000000000EF8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.pdb source: MSBuild.exe, 0000000A.00000002.3304717281.0000000000EF8000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.pdbi source: MSBuild.exe, 0000000A.00000002.3304886604.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdblsh source: MSBuild.exe, 0000000A.00000002.3304886604.0000000001045000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Code function: 4x nop then jmp 068ECAFEh |
2_2_068ECA80 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Code function: 4x nop then jmp 068ED3C5h |
2_2_068ED1F8 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Code function: 4x nop then jmp 068ECAFEh |
2_2_068ECA70 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Code function: 4x nop then jmp 068ED3C5h |
2_2_068ED1EB |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Code function: 4x nop then jmp 06A2FA8Fh |
2_2_06A2FA28 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Code function: 4x nop then jmp 06A2FA8Fh |
2_2_06A2FA19 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\justleadership.exe |
Code function: 4x nop then jmp 06A2FA8Fh |
2_2_06A2FB87 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\neverlocation.exe |
Code function: 4x nop then jmp 06661697h |
9_2_066614B0 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\neverlocation.exe |
Code function: 4x nop then jmp 06661697h |
9_2_066614A0 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\neverlocation.exe |
Code function: 4x nop then jmp 06661697h |
9_2_066615A0 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\neverlocation.exe |
Code function: 4x nop then jmp 068CE927h |
9_2_068CE730 |
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\neverlocation.exe |
Code function: 4x nop then jmp 068CE927h |
9_2_068CE720 |
Source: http |
Bad PDF prefix: HTTP/1.1 200 OK Date: Wed, 16 Oct 2024 07:10:49 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Wed, 09 Oct 2024 11:25:43 GMT ETag: "108410-6240983b13bc0" Accept-Ranges: bytes Content-Length: 1082384 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/pdf |