Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbI source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: new shipment list.exe, 00000001.00000002.2399656599.0000000006860000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: ((.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\System.pdbpdbtem.pdb_ source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: new shipment list.exe, 00000001.00000002.2399656599.0000000006860000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdbSHA256}Lq source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdb source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdbP source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbp source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\System.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbl source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n8C:\Windows\InstallUtil.pdbo source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb:x source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-net |
Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-netJ |
Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-neti |
Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/11564914/23354; |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp, new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/14436606/23354 |
Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/2152978/23354 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01016818 | 1_2_01016818 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01016EE0 | 1_2_01016EE0 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_010177F5 | 1_2_010177F5 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01018140 | 1_2_01018140 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_010181E1 | 1_2_010181E1 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01018468 | 1_2_01018468 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01016F1A | 1_2_01016F1A |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01016F91 | 1_2_01016F91 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01016ED0 | 1_2_01016ED0 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_010178F5 | 1_2_010178F5 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01015F88 | 1_2_01015F88 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_01015F98 | 1_2_01015F98 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_068F2E10 | 1_2_068F2E10 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_068FA278 | 1_2_068FA278 |
Source: C:\Users\user\Desktop\new shipment list.exe | Code function: 1_2_068F2E03 | 1_2_068F2E03 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Code function: 3_2_00D83140 | 3_2_00D83140 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Code function: 3_2_00D87590 | 3_2_00D87590 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Code function: 3_2_00D8313F | 3_2_00D8313F |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Code function: 3_2_00D84928 | 3_2_00D84928 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Code function: 3_2_00D84927 | 3_2_00D84927 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Code function: 3_2_05135D90 | 3_2_05135D90 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Code function: 3_2_051364D0 | 3_2_051364D0 |
Source: new shipment list.exe, 00000001.00000002.2369532405.0000000000D5E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs new shipment list.exe |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002B41000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs new shipment list.exe |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002D8D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameDkduvkpozd.exe" vs new shipment list.exe |
Source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs new shipment list.exe |
Source: new shipment list.exe, 00000001.00000002.2399656599.0000000006860000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs new shipment list.exe |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XZK5yx8LN7TTJ1Dp60.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XZK5yx8LN7TTJ1Dp60.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, uFKBcNAqFE8o3QNxCa.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XlhyZ62ZvQpIOh3q8W4.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XlhyZ62ZvQpIOh3q8W4.cs | Cryptographic APIs: 'CreateDecryptor' |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, ITaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask' |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskFolder.cs | Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder' |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, Task.cs | Task registration methods: 'RegisterChanges', 'CreateTask' |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskService.cs | Task registration methods: 'CreateFromToken' |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskPrincipal.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent() |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, User.cs | Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type) |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, Task.cs | Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskSecurity.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges() |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskSecurity.cs | Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule) |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, TaskFolder.cs | Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections) |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: mscoree.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: | Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\mscorlib.pdbI source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\dll\mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: new shipment list.exe, 00000001.00000002.2399656599.0000000006860000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: ((.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\System.pdbpdbtem.pdb_ source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: new shipment list.exe, 00000001.00000002.2399656599.0000000006860000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdbSHA256}Lq source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: protobuf-net.pdb source: new shipment list.exe, 00000001.00000002.2398084399.0000000005CA0000.00000004.08000000.00040000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdbP source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbp source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\System.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbl source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: n8C:\Windows\InstallUtil.pdbo source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mscorlib.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb:x source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3601983298.00000000008F8000.00000004.00000010.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000003.00000002.3602015467.0000000000981000.00000004.00000020.00020000.00000000.sdmp |
Source: new shipment list.exe, o.cs | .Net Code: _0003 System.AppDomain.Load(byte[]) |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, uFKBcNAqFE8o3QNxCa.cs | .Net Code: seb2p4v4aY3XclLtOim System.AppDomain.Load(byte[]) |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, ReflectionHelper.cs | .Net Code: InvokeMethod |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, ReflectionHelper.cs | .Net Code: InvokeMethod |
Source: 1.2.new shipment list.exe.6860000.6.raw.unpack, XmlSerializationHelper.cs | .Net Code: ReadObjectProperties |
Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, TypeModel.cs | .Net Code: TryDeserializeList |
Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, ListDecorator.cs | .Net Code: Read |
Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, TypeSerializer.cs | .Net Code: CreateInstance |
Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateInstance |
Source: 1.2.new shipment list.exe.5ca0000.5.raw.unpack, TypeSerializer.cs | .Net Code: EmitCreateIfNull |
Source: 1.2.new shipment list.exe.41b0030.2.raw.unpack, o.cs | .Net Code: _0003 System.AppDomain.Load(byte[]) |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, -Module--46569939-59e1-4dca-a112-bebc1acbcd69-.cs | High entropy of concatenated method names: 'n8cb3a09809ef4a48824065fe2f417f8d', 'ExcludeDescriptor', 'ChangeDescriptor', 'SetDescriptor', 'fybXBvIQI9804WjifYP', 'RE1KanI6b2croBhGanF', 'xPWbvxI9QZyvXZRTjFX', 'N1vPMcIDRtF01LDPqNW', 'MUcpusIwnb9DX3pfaHG', 'DV2FxqIe9QcTpK9XLGP' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, eQT3w42nJl1uf60i7dU.cs | High entropy of concatenated method names: 'cbkkbbJe8n', 'e9Zm98IjtDpOOnaJmuL', 'FVGwyWIpbJJGMYEN9Xi', 'eHPax9IgBNVabNpd9up', 'CvihfeIKLfEAo8A74UT', 'o7L4sEIMCtCqo0Ou0WR', 'XmZpQaIm3QDxKB7pyXO', 'InmbCUIPOy9esnM6gpF', 'FUwsnAIsNSOhwudxDnO', 'Ks3tqbI0hF9Ss2f0x3q' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, Qn9mWF4ugM8WP5SwEKG.cs | High entropy of concatenated method names: 'C1Nb4C6QJT', 'iHdbbL4Uit', 'T94bvWE4Tg', 'oivbND50WN', 'X1dbBLcEHS', 'wribIL5wvQ', 'Ogibr30TFe', 'qACbkrEHpX', 'G3fbyR9tQX', 's9abAl99fx' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XZK5yx8LN7TTJ1Dp60.cs | High entropy of concatenated method names: 'SVW2TNwteI', 'hjl2aXEXnc', 'fRY0oHBQMSaOwrywmKq', 'CddsWSBDuc4Nus2WSeQ', 'bHdIHXBRveufMrHKBsm', 'VUf34eB63FOwhhuTbvq', 'i4829iSo6t', 'aWS2QbJbTg', 'yrE2D8X9LI', 'l3asCWB8xy9Ied5C0Ro' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, uFKBcNAqFE8o3QNxCa.cs | High entropy of concatenated method names: 'csa5DiUJl', 'WaD1QRQQj', 'c1vG7hBBU', 'jjsXrKEIW', 'EOSJToEAL', 'TrfVNJWDD', 'UpDt3C3eh', 'UbRhcfocC', 'FSOEGRgUS', 'jQPd2o6Mn' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, XlhyZ62ZvQpIOh3q8W4.cs | High entropy of concatenated method names: 'UldPq1ICj8GrdC6G6yH', 'plY08cIUlbXBB5iOMPr', 'bG64QwHbrs', 'A7VDA0IWDIwp7WaZ0yc', 'OyOc4JI735jKkUo8jd9', 'S899jqIZr9nbmanPIYA', 'mKBy60IiywExmwojFRZ', 'aufA0pIzB9Z9vZQE9Yl', 'dLol7WrOkCaOY2giR1L', 'WTqqibrHMCcwh32DJM1' |
Source: 1.2.new shipment list.exe.3f336a8.0.raw.unpack, SvR1fLRqDuTPL6wDIw.cs | High entropy of concatenated method names: 'N6B9QdnhF', 'sFkQvXjiT', 'dSYDsaWsS', 'W5JBUDvgHwjRHl9FoMv', 'TC8iXXvKRTDj0JsZbPQ', 'xw2GtOvMb59sbSOcsfM', 'iAOI6KvspRx4dVipYAD', 'lX8vUBv0qy8GEhPGFkf', 'WR1Q3avj1DWMGBngLHW', 'q3cYHIvp8DqNVcCKEFY' |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\new shipment list.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | Jump to behavior |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Microsoft|VMWare|Virtual@) |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: crosoft|VMWare|Virtual |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmware |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware|VIRTUAL|A M I|Xen |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: $cq 1:en-CH:Microsoft|VMWare|Virtual |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002B9E000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: explorerJSbieDll.dllKcuckoomon.dllLwin32_process.handle='{0}'MParentProcessIdNcmdOselect * from Win32_BIOS8Unexpected WMI query failurePversionQSerialNumberSVMware|VIRTUAL|A M I|XenTselect * from Win32_ComputerSystemUmanufacturerVmodelWMicrosoft|VMWare|VirtualXjohnYannaZxxxxxxxx |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWareLRcq |
Source: new shipment list.exe, 00000001.00000002.2370553714.0000000002C45000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: $cq 1:en-CH:VMware|VIRTUAL|A M I|Xen |