Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdbRSDS source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\new shipment.PDB source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Configuration.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Xml.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.pdbSystem.Core.ni.dll source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Xml.ni.pdbRSDS# source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Core.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: new shipment.exe, 00000000.00000002.2602151937.0000000005BE0000.00000004.08000000.00040000.00000000.sdmp, new shipment.exe, 00000000.00000002.2598678318.0000000003134000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: %%.pdb source: new shipment.exe, 00000002.00000002.1448853295.00000000011F7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Windows.Forms.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: mscorlib.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: C:\Users\user\Desktop\new shipment.PDB source: new shipment.exe, 00000002.00000002.1448853295.00000000011F7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Xml.pdbL0Tw# source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb9\,( source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdbRSDScUN source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: HPHo0C:\Windows\mscorlib.pdb source: new shipment.exe, 00000002.00000002.1448853295.00000000011F7000.00000004.00000010.00020000.00000000.sdmp |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1450342369.0000000003611000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://aborters.duckdns.org:8081 |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1450342369.0000000003611000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://anotherarmy.dns.army:8081 |
Source: new shipment.exe, 00000002.00000002.1450342369.00000000036D6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com |
Source: new shipment.exe, 00000002.00000002.1450342369.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1450342369.00000000036C9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org |
Source: new shipment.exe, 00000002.00000002.1450342369.0000000003611000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q |
Source: new shipment.exe, 00000002.00000002.1450342369.0000000003611000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Amcache.hve.6.dr | String found in binary or memory: http://upx.sf.net |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1450342369.0000000003611000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://varders.kozow.com:8081 |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://api.telegram.org/bot |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, new shipment.exe, 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/ |
Source: 2.2.new shipment.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 2.2.new shipment.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 2.2.new shipment.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.new shipment.exe.4250a40.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.new shipment.exe.4250a40.4.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.new shipment.exe.4250a40.4.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.new shipment.exe.420e610.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.new shipment.exe.420e610.3.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.new shipment.exe.420e610.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.new shipment.exe.4250a40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.new shipment.exe.4250a40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.new shipment.exe.4250a40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.new shipment.exe.4119770.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.new shipment.exe.4119770.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 0.2.new shipment.exe.420e610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 0.2.new shipment.exe.420e610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth |
Source: 0.2.new shipment.exe.420e610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen |
Source: 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: new shipment.exe PID: 5476, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: Process Memory Space: new shipment.exe PID: 1464, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown |
Source: new shipment.exe, 00000000.00000002.2597016395.00000000012BE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs new shipment.exe |
Source: new shipment.exe, 00000000.00000002.2602151937.0000000005BE0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs new shipment.exe |
Source: new shipment.exe, 00000000.00000000.1334745220.0000000000D12000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamePvI.exe( vs new shipment.exe |
Source: new shipment.exe, 00000000.00000002.2600980391.00000000057A0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameExample.dll0 vs new shipment.exe |
Source: new shipment.exe, 00000000.00000002.2598678318.0000000003134000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAQipUvwTwkLZyiCs.dll: vs new shipment.exe |
Source: new shipment.exe, 00000000.00000002.2598678318.0000000003134000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs new shipment.exe |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameExample.dll0 vs new shipment.exe |
Source: new shipment.exe, 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs new shipment.exe |
Source: new shipment.exe, 00000002.00000002.1448682843.0000000000444000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameRemington.exe4 vs new shipment.exe |
Source: new shipment.exe, 00000002.00000002.1448957285.00000000014A8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs new shipment.exe |
Source: new shipment.exe | Binary or memory string: OriginalFilenamePvI.exe( vs new shipment.exe |
Source: 2.2.new shipment.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 2.2.new shipment.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 2.2.new shipment.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.new shipment.exe.4250a40.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.new shipment.exe.4250a40.4.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.new shipment.exe.4250a40.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.new shipment.exe.420e610.3.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.new shipment.exe.420e610.3.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.new shipment.exe.420e610.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.new shipment.exe.4250a40.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.new shipment.exe.4250a40.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.new shipment.exe.4250a40.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.new shipment.exe.4119770.2.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.new shipment.exe.4119770.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 0.2.new shipment.exe.420e610.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 0.2.new shipment.exe.420e610.3.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.new shipment.exe.420e610.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking |
Source: 00000002.00000002.1448682843.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: 00000000.00000002.2599288668.00000000040A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: new shipment.exe PID: 5476, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: Process Memory Space: new shipment.exe PID: 1464, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: rasapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: rasman.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: rtutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Xml.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.ni.pdbRSDS source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Users\user\Desktop\new shipment.PDB source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: mscorlib.ni.pdbRSDS source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Configuration.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Xml.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.pdbSystem.Core.ni.dll source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Xml.ni.pdbRSDS# source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: Microsoft.VisualBasic.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Core.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: new shipment.exe, 00000000.00000002.2602151937.0000000005BE0000.00000004.08000000.00040000.00000000.sdmp, new shipment.exe, 00000000.00000002.2598678318.0000000003134000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: %%.pdb source: new shipment.exe, 00000002.00000002.1448853295.00000000011F7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: System.Windows.Forms.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: mscorlib.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: C:\Users\user\Desktop\new shipment.PDB source: new shipment.exe, 00000002.00000002.1448853295.00000000011F7000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: \??\C:\Windows\mscorlib.pdb source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Core.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Xml.pdbL0Tw# source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb9\,( source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: System.Configuration.ni.pdbRSDScUN source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.ni.pdb source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: System.Core.ni.pdbRSDS source: WER92DB.tmp.dmp.6.dr |
Source: | Binary string: HPHo0C:\Windows\mscorlib.pdb source: new shipment.exe, 00000002.00000002.1448853295.00000000011F7000.00000004.00000010.00020000.00000000.sdmp |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: Amcache.hve.6.dr | Binary or memory string: VMware |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin |
Source: Amcache.hve.6.dr | Binary or memory string: VMware, Inc. |
Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.6.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.6.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.6.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.6.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.6.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.sys |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.6.dr | Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.6.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.6.dr | Binary or memory string: VMware20,1 |
Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.6.dr | Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.6.dr | Binary or memory string: VMware-42 27 c7 3b 45 a3 e4 a4-61 bc 19 7c 28 5c 10 19 |
Source: Amcache.hve.6.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.6.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.6.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.6.dr | Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.6.dr | Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.6.dr | Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.6.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: new shipment.exe, 00000002.00000002.1448957285.00000000014D7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllgura |
Source: Amcache.hve.6.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563 |