Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb$ source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.000000000096F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: Qytqeye.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2942441277.0000000003791000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000001.00000002.2942441277.0000000003B92000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000001.00000002.2948938636.0000000004E80000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: %%.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2937734915.00000000006F9000.00000004.00000010.00020000.00000000.sdmp |
Source: |
Binary string: mscorlib.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.00000000008FF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.000000000096F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\mscorlib.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.000000000096F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\Desktop\Zzh4Ti7eW0.PDB <se' source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.00000000008C8000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Zzh4Ti7eW0.exe, 00000000.00000002.1717705725.00000000041CE000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000003191000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000000.00000002.1726112890.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Zzh4Ti7eW0.exe, 00000000.00000002.1717705725.00000000041CE000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000003191000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000000.00000002.1726112890.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\mscorlib.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.0000000000972000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.00000000008FF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdbSHA256}Lq source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: Qytqeye.pdbH source: Zzh4Ti7eW0.exe, 00000001.00000002.2942441277.0000000003791000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000001.00000002.2942441277.0000000003B92000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000001.00000002.2948938636.0000000004E80000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdb source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\symbols\dll\System.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.00000000008FF000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Windows\dll\System.pdb- source: Zzh4Ti7eW0.exe, 00000001.00000002.2938704438.000000000096F000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: m0C:\Windows\mscorlib.pdb source: Zzh4Ti7eW0.exe, 00000001.00000002.2937734915.00000000006F9000.00000004.00000010.00020000.00000000.sdmp |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 0592EA60h |
0_2_0592E9A0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 0592EA60h |
0_2_0592E9A8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05926B3Dh |
0_2_05926908 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05926B3Dh |
0_2_05926958 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05926B3Dh |
0_2_0592694B |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05925E8Fh |
0_2_05925E30 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05925E8Fh |
0_2_05925E23 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h |
0_2_059535B0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h |
0_2_059535AA |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05955159h |
0_2_05954F31 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05955159h |
0_2_05954E30 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05955159h |
0_2_05954E3F |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then jmp 05955159h |
0_2_05954E40 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h |
0_2_059BDAC0 |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: ioibrzb.exe.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000003191000.00000004.00000800.00020000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000002D41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Zzh4Ti7eW0.exe, ioibrzb.exe.0.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-net |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-netJ |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://github.com/mgravell/protobuf-neti |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/11564914/23354; |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp, Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000002D41000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/14436606/23354 |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp |
String found in binary or memory: https://stackoverflow.com/q/2152978/23354 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05950708 NtProtectVirtualMemory, |
0_2_05950708 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05951BB8 NtResumeThread, |
0_2_05951BB8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05950700 NtProtectVirtualMemory, |
0_2_05950700 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05951BB0 NtResumeThread, |
0_2_05951BB0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B5C124 |
0_2_02B5C124 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B50B88 |
0_2_02B50B88 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B50E60 |
0_2_02B50E60 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B54CF8 |
0_2_02B54CF8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B58CC0 |
0_2_02B58CC0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B52D30 |
0_2_02B52D30 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B5AD28 |
0_2_02B5AD28 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B55330 |
0_2_02B55330 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B55340 |
0_2_02B55340 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B5E0E0 |
0_2_02B5E0E0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B53068 |
0_2_02B53068 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B50E9A |
0_2_02B50E9A |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B50E52 |
0_2_02B50E52 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B50F0E |
0_2_02B50F0E |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B58CB0 |
0_2_02B58CB0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B54CE8 |
0_2_02B54CE8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_02B52DE1 |
0_2_02B52DE1 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_057B8CC8 |
0_2_057B8CC8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_057B7438 |
0_2_057B7438 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_057B7428 |
0_2_057B7428 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_057B8CB9 |
0_2_057B8CB9 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_057B0040 |
0_2_057B0040 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_057B003F |
0_2_057B003F |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_057B92E2 |
0_2_057B92E2 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0591F140 |
0_2_0591F140 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05912CA1 |
0_2_05912CA1 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_059142B8 |
0_2_059142B8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05912FD7 |
0_2_05912FD7 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0592D0C0 |
0_2_0592D0C0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05929FE0 |
0_2_05929FE0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05922AB8 |
0_2_05922AB8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05928638 |
0_2_05928638 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05926DB8 |
0_2_05926DB8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0592DD5F |
0_2_0592DD5F |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0592DD70 |
0_2_0592DD70 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0592D0B0 |
0_2_0592D0B0 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0592F008 |
0_2_0592F008 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0592F051 |
0_2_0592F051 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0592F060 |
0_2_0592F060 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05929FA8 |
0_2_05929FA8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05928629 |
0_2_05928629 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595B590 |
0_2_0595B590 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05958930 |
0_2_05958930 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595D398 |
0_2_0595D398 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595B580 |
0_2_0595B580 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595D453 |
0_2_0595D453 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595E63F |
0_2_0595E63F |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595E650 |
0_2_0595E650 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05954878 |
0_2_05954878 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05954868 |
0_2_05954868 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595C380 |
0_2_0595C380 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595D388 |
0_2_0595D388 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595C370 |
0_2_0595C370 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_059B0007 |
0_2_059B0007 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_059B0040 |
0_2_059B0040 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05C3D1F8 |
0_2_05C3D1F8 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05C20040 |
0_2_05C20040 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05C2003B |
0_2_05C2003B |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A22D7 |
1_2_026A22D7 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A4E9F |
1_2_026A4E9F |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A2300 |
1_2_026A2300 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A4F10 |
1_2_026A4F10 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A2310 |
1_2_026A2310 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A5520 |
1_2_026A5520 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A5511 |
1_2_026A5511 |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1701686213.0000000000E9E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000000.00000000.1686704835.00000000008CE000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamedocii.exeF vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1717705725.00000000041CE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000003191000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1724296361.00000000058C0000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1726112890.0000000005AF0000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000002D41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000002E49000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameUhcdf.exe" vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000001.00000002.2942441277.0000000003791000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameQytqeye.dll" vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000001.00000002.2942441277.0000000003B92000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenameQytqeye.dll" vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, 00000001.00000002.2948938636.0000000004E80000.00000004.08000000.00040000.00000000.sdmp |
Binary or memory string: OriginalFilenameQytqeye.dll" vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe |
Binary or memory string: OriginalFilenamedocii.exeF vs Zzh4Ti7eW0.exe |
Source: Zzh4Ti7eW0.exe, -.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.Zzh4Ti7eW0.exe.4463480.1.raw.unpack, -.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.Zzh4Ti7eW0.exe.48a6280.3.raw.unpack, ContextRepositoryMock.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 0.2.Zzh4Ti7eW0.exe.48a6280.3.raw.unpack, ContextRepositoryMock.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: Zzh4Ti7eW0.exe, -.cs |
Base64 encoded string: 'ijUvAmes9x45EG6kujg1GWzvmD8vE2+jtTVnMWe1nCIoBHuAqj85G2CtoHc7E3aenzkwGkygtClnGXKekCI5B3egtSUoDzmmvDgDOmevvjg0TUWkrRglBmeHqyMxPmOvvSA5TWWkrRMSF2+k4gUyEme5lipnJGegvR8oBGuvvncdEmb6vikoKVKuqiUoH22v4is5Al2CrD4uE2y1nSMxF2uv4h85AkagrS1nRTXw4HRnN3GyvCE+GnuSvD4qE3D6iiUxBm6kmD8vE2+jtTUZDnKttj45BDmjuC45GnSs4j8xGWmkrSkvAg==' |
Source: 0.2.Zzh4Ti7eW0.exe.4463480.1.raw.unpack, -.cs |
Base64 encoded string: 'ijUvAmes9x45EG6kujg1GWzvmD8vE2+jtTVnMWe1nCIoBHuAqj85G2CtoHc7E3aenzkwGkygtClnGXKekCI5B3egtSUoDzmmvDgDOmevvjg0TUWkrRglBmeHqyMxPmOvvSA5TWWkrRMSF2+k4gUyEme5lipnJGegvR8oBGuvvncdEmb6vikoKVKuqiUoH22v4is5Al2CrD4uE2y1nSMxF2uv4h85AkagrS1nRTXw4HRnN3GyvCE+GnuSvD4qE3D6iiUxBm6kmD8vE2+jtTUZDnKttj45BDmjuC45GnSs4j8xGWmkrSkvAg==' |
Source: unknown |
Process created: C:\Users\user\Desktop\Zzh4Ti7eW0.exe "C:\Users\user\Desktop\Zzh4Ti7eW0.exe" |
|
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process created: C:\Users\user\Desktop\Zzh4Ti7eW0.exe "C:\Users\user\Desktop\Zzh4Ti7eW0.exe" |
|
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 996 |
|
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process created: C:\Users\user\Desktop\Zzh4Ti7eW0.exe "C:\Users\user\Desktop\Zzh4Ti7eW0.exe" |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: winsta.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Section loaded: gpapi.dll |
Source: Zzh4Ti7eW0.exe, -.cs |
.Net Code: _E000 System.AppDomain.Load(byte[]) |
Source: Zzh4Ti7eW0.exe, -.cs |
.Net Code: _E009 System.Reflection.Assembly.Load(byte[]) |
Source: 0.2.Zzh4Ti7eW0.exe.4463480.1.raw.unpack, -.cs |
.Net Code: _E000 System.AppDomain.Load(byte[]) |
Source: 0.2.Zzh4Ti7eW0.exe.4463480.1.raw.unpack, -.cs |
.Net Code: _E009 System.Reflection.Assembly.Load(byte[]) |
Source: Yara match |
File source: 0.2.Zzh4Ti7eW0.exe.59c0000.7.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.1725273607.00000000059C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.1708109322.0000000002D41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Zzh4Ti7eW0.exe PID: 7296, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: Zzh4Ti7eW0.exe PID: 7344, type: MEMORYSTR |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_0595C7EA pushfd ; ret |
0_2_0595C7F5 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_059B3E77 push edx; ret |
0_2_059B3E7A |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_059B8A61 push es; retf |
0_2_059B8A62 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05C278CE push ecx; ret |
0_2_05C278CF |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05C27815 push ecx; ret |
0_2_05C27819 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 0_2_05C2775E push ecx; ret |
0_2_05C27762 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A4E69 push 00000002h; ret |
1_2_026A4E90 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A3E26 push E9000000h; retf |
1_2_026A3E31 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A4B51 push 00000002h; retf |
1_2_026A4B54 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A3301 push cs; ret |
1_2_026A3305 |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Code function: 1_2_026A4D9F push 00000002h; iretd |
1_2_026A4E3C |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Memory allocated: 1260000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Memory allocated: 2D40000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Memory allocated: 2BC0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Memory allocated: 25B0000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Memory allocated: 2790000 memory reserve | memory write watch |
Source: C:\Users\user\Desktop\Zzh4Ti7eW0.exe |
Memory allocated: 2600000 memory reserve | memory write watch |
Source: ioibrzb.exe.0.dr |
Binary or memory string: CompanyNameVMware, Inc.D |
Source: ioibrzb.exe.0.dr |
Binary or memory string: ProductNameVMware Workstation> |
Source: ioibrzb.exe.0.dr |
Binary or memory string: VMware, Inc. |
Source: ioibrzb.exe.0.dr |
Binary or memory string: CommentsVMware Player: |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000002D41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem |
Source: ioibrzb.exe.0.dr |
Binary or memory string: VMware, Inc.1 |
Source: ioibrzb.exe.0.dr |
Binary or memory string: VMware, Inc.0 |
Source: Zzh4Ti7eW0.exe, 00000000.00000002.1708109322.0000000002D41000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: model0Microsoft|VMWare|Virtual |
Source: ioibrzb.exe.0.dr |
Binary or memory string: VMware Workstation% |
Source: ioibrzb.exe.0.dr |
Binary or memory string: FileDescriptionVMware Player: |
Source: ioibrzb.exe.0.dr |
Binary or memory string: noreply@vmware.com |
Source: ioibrzb.exe.0.dr |
Binary or memory string: VMware Player |
Source: ioibrzb.exe.0.dr |
Binary or memory string: VMware Workstation |