Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\InstallUtil.pdbol source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdb source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\InstallUtil.pdbZm source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002F14000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2129554085.0000000005B80000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: ((.pdb source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: &ulUtil.pdb`W source: InstallUtil.exe, 00000002.00000002.3341183787.00000000010D8000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002F14000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2129554085.0000000005B80000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbN source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.00000000010D8000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdb source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\System.pdbVl source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbo source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbh source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdb.NETFrameworkv4.0.30319InstallUtil.exe source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001180000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001110000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbw source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\InstallUtil.pdbb] source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb+ source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001110000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\InstallUtil.pdbt source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h | 0_2_029022A4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then jmp 04FCCA9Bh | 0_2_04FCC4D0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h | 0_2_04FC1060 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h | 0_2_04FC1058 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then jmp 04FCAEDDh | 0_2_04FCAD8B |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then jmp 04FD4428h | 0_2_04FD4250 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then jmp 04FD3B6Fh | 0_2_04FD3B10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then jmp 04FDCBB0h | 0_2_04FDCAF8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then jmp 04FDCBB0h | 0_2_04FDCAF1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then jmp 04FD4428h | 0_2_04FD4240 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Code function: 4x nop then jmp 04FD3B6Fh | 0_2_04FD3B0E |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002A01000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, Vsjrhifhpua.exe.0.dr | String found in binary or memory: https://github.com/mariuszgromada/MathParser.org-mXparser |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-net |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-netJ |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-neti |
Source: Vsjrhifhpua.exe.0.dr | String found in binary or memory: https://mathparser.org |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, Vsjrhifhpua.exe.0.dr | String found in binary or memory: https://mathparser.org/mxparser-license |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, Vsjrhifhpua.exe.0.dr | String found in binary or memory: https://mathparser.org/mxparser-tutorial/confirming-non-commercial-commercial-useeWARNING: |
Source: Vsjrhifhpua.exe.0.dr | String found in binary or memory: https://mathparser.org/order-commercial-license |
Source: Vsjrhifhpua.exe.0.dr | String found in binary or memory: https://payhip.com/infima |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, Vsjrhifhpua.exe.0.dr | String found in binary or memory: https://payhip.com/infima) |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/11564914/23354; |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002A01000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/14436606/23354 |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/2152978/23354 |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003B45000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameLxrjgldfau.dll" vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002F14000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002B92000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameGmcbxaouxsl.exe" vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2129554085.0000000005B80000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameGmcbxaouxsl.exe" vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameIyfueb.exe. vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000000.2085569121.00000000005F4000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameIyfueb.exe. vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2103281397.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Binary or memory string: OriginalFilenameIyfueb.exe. vs SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbN source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.00000000010D8000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdb source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2126155718.0000000004ED0000.00000004.08000000.00040000.00000000.sdmp, SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2121927398.0000000003DD9000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\System.pdbVl source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbo source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbh source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdb.NETFrameworkv4.0.30319InstallUtil.exe source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001180000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001110000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbw source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\InstallUtil.pdbb] source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb+ source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001110000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\InstallUtil.pdbt source: InstallUtil.exe, 00000002.00000002.3341183787.0000000001124000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.3341057554.0000000000F68000.00000004.00000010.00020000.00000000.sdmp |
Source: 0.2.SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe.5100000.6.raw.unpack, dchRS8kYKCuUFvMeYKo.cs | High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'SDxkUBbiHE', 'NtProtectVirtualMemory', 'I8nwoCmh3WtsrBd4EDA', 'eo0ClZmub0huka9LYXJ', 'z2ML5bmbuhl8TBQqNQG', 'bvTkE2mK2JgEW7j3j89' |
Source: 0.2.SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe.3b4b398.4.raw.unpack, AssemblyLoader.cs | High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'Poyc7qK3lq5hWrQLT70' |
Source: 0.2.SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe.3b4b398.4.raw.unpack, dchRS8kYKCuUFvMeYKo.cs | High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'SDxkUBbiHE', 'NtProtectVirtualMemory', 'I8nwoCmh3WtsrBd4EDA', 'eo0ClZmub0huka9LYXJ', 'z2ML5bmbuhl8TBQqNQG', 'bvTkE2mK2JgEW7j3j89' |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: crosoft|VMWare|VirtualH |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: $]q 1:en-CH:VMware|VIRTUAL|A M I|Xen |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: $]q 1:en-CH:Microsoft|VMWare|Virtual |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmware |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware|VIRTUAL|A M I|Xen |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWareLR]q |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Microsoft|VMWare|Virtual |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware|VIRTUAL|A M I|Xen(_]q |
Source: SecuriteInfo.com.Trojan-Spy.MSIL.Agent.14880.3646.exe, 00000000.00000002.2111022730.0000000002A01000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: explorerJSbieDll.dllKcuckoomon.dllLwin32_process.handle='{0}'MParentProcessIdNcmdOselect * from Win32_BIOS8Unexpected WMI query failurePversionQSerialNumberSVMware|VIRTUAL|A M I|XenTselect * from Win32_ComputerSystemUmanufacturerVmodelWMicrosoft|VMWare|VirtualXjohnYannaZxxxxxxxx |
Source: InstallUtil.exe, 00000002.00000002.3347479169.0000000005600000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3343809026.0000000004089000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3343809026.00000000041FD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: qWxObqgzxIqemUDIBsD |