Windows Analysis Report
dfsvc.exe

Overview

General Information

Sample name: dfsvc.exe
Analysis ID: 1541340
MD5: 3597d9e93852fddb92e0a0cf0452bb61
SHA1: d25c62a57ac3000244741bda129f483f2347efa6
SHA256: 6e6cb0729cb902420739148ae23bf1c7959bc8ea2bf6b6277c5c0de45aa77df6

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

AI detected suspicious sample
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device

Classification

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 81.0% probability
Source: dfsvc.exe Static PE information: certificate valid
Source: dfsvc.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: dfsvc.pdbD.^. P._CorExeMainmscoree.dll source: dfsvc.exe
Source: Binary string: dfsvc.pdb source: dfsvc.exe
Source: classification engine Classification label: sus22.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\dfsvc.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dfsvc.exe.log Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Mutant created: NULL
Source: dfsvc.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: dfsvc.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\dfsvc.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Section loaded: cryptbase.dll Jump to behavior
Source: initial sample Static PE information: Valid certificate with Microsoft Issuer
Source: dfsvc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: dfsvc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\dfsvc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Memory allocated: 18F37C40000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Memory allocated: 18F515E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 599875 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 599766 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 599657 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 599532 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 599407 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 599282 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 599157 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 599032 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 598922 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 598813 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 598563 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 598438 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 598282 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 598079 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597947 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597828 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597719 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597609 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597500 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597391 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597281 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597172 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 597063 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 596938 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 596813 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 596688 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 596578 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 596469 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 596344 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 596235 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 596110 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 595985 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 595860 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 595735 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 595610 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 595453 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 595344 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 595222 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 595094 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594984 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594875 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594766 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594657 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594532 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594407 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594297 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594188 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 594063 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Thread delayed: delay time: 593938 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Window / User API: threadDelayed 8419 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Window / User API: threadDelayed 1421 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep count: 39 > 30 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -35971150943733603s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -599875s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6644 Thread sleep count: 8419 > 30 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6644 Thread sleep count: 1421 > 30 Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -599766s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -599657s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -599532s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -599407s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -599282s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -599157s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -599032s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -598922s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -598813s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -598563s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -598438s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -598282s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -598079s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597947s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597828s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597719s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597609s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597500s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597391s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597281s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597172s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -597063s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -596938s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -596813s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -596688s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -596578s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -596469s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -596344s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -596235s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -596110s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -595985s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -595860s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -595735s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -595610s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -595453s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -595344s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -595222s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -595094s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594984s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594875s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594766s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594657s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594532s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594407s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594297s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594188s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -594063s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe TID: 6648 Thread sleep time: -593938s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Queries volume information: C:\Users\user\Desktop\dfsvc.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\dfsvc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
No contacted IP infos