File name:

KMS VL AIO_crackshash.com.zip

Full analysis: https://app.any.run/tasks/69f0764c-67ae-46e9-b873-4992cb9b60cd
Verdict: Malicious activity
Analysis date: December 04, 2023, 21:20:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

F6262C57883DEE2CEEC3B35DAD35BE10

SHA1:

8002C075EE443560E7D07DB8D52E5BD961675C21

SHA256:

DF606555E3DC7ADA4ABB747AA413D29CAC4048F5DB778EEE92BE5E81BDB6F4C5

SSDEEP:

3072:QhWYsvjoFMRLgyGxPLgRKF3er4C4fIXGA:QhWYcoMRLsxL3eZNGA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Starts Visual C# compiler

      • powershell.exe (PID: 1344)

    • Drops the executable file immediately after the start

      • csc.exe (PID: 3144)
      • powershell.exe (PID: 1344)

    • Creates a writable file in the system directory

      • powershell.exe (PID: 1344)

    • Starts NET.EXE for service management

      • cmd.exe (PID: 3940)
      • net.exe (PID: 1900)
      • net.exe (PID: 788)
      • net.exe (PID: 3980)

  • SUSPICIOUS

    • Reads the Internet Settings

      • cscript.exe (PID: 280)
      • cmd.exe (PID: 3940)
      • WMIC.exe (PID: 3192)
      • WMIC.exe (PID: 2392)
      • WMIC.exe (PID: 3832)
      • WMIC.exe (PID: 2052)
      • WMIC.exe (PID: 2348)
      • WMIC.exe (PID: 120)
      • WMIC.exe (PID: 2500)
      • WMIC.exe (PID: 2924)
      • WMIC.exe (PID: 2784)
      • WMIC.exe (PID: 4068)
      • WMIC.exe (PID: 3584)

    • Uses RUNDLL32.EXE to load library

      • cscript.exe (PID: 280)

    • Runs shell command (SCRIPT)

      • cscript.exe (PID: 280)

    • Starts CMD.EXE for commands execution

      • cscript.exe (PID: 280)
      • cmd.exe (PID: 3940)

    • Executing commands from ".cmd" file

      • cscript.exe (PID: 280)

    • Application launched itself

      • cmd.exe (PID: 3940)

    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 3940)

    • Powershell version downgrade attack

      • powershell.exe (PID: 1344)
      • powershell.exe (PID: 3720)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 3940)

    • Possibly malicious use of IEX has been detected

      • cmd.exe (PID: 3940)

    • Probably obfuscated PowerShell command line is found

      • cmd.exe (PID: 3940)

    • Uses .NET C# to load dll

      • powershell.exe (PID: 1344)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 3940)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 3940)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 3940)

    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 3216)
      • cmd.exe (PID: 2652)

    • Uses WMIC.EXE to obtain service application data

      • cmd.exe (PID: 296)

  • INFO

    • Manual execution by a user

      • cmd.exe (PID: 1640)
      • msedge.exe (PID: 3492)
      • wmpnscfg.exe (PID: 860)

    • Reads security settings of Internet Explorer

      • cscript.exe (PID: 280)

    • Application launched itself

      • msedge.exe (PID: 2764)
      • msedge.exe (PID: 3492)

    • Checks operating system version

      • cmd.exe (PID: 3940)

    • Checks supported languages

      • csc.exe (PID: 3144)
      • mode.com (PID: 3296)
      • wmpnscfg.exe (PID: 860)
      • cvtres.exe (PID: 2540)
      • mode.com (PID: 2728)

    • Reads the computer name

      • wmpnscfg.exe (PID: 860)

    • Reads Microsoft Office registry keys

      • reg.exe (PID: 4044)
      • reg.exe (PID: 3108)

    • Create files in a temporary directory

      • cvtres.exe (PID: 2540)
      • csc.exe (PID: 3144)

    • Reads the machine GUID from the registry

      • cvtres.exe (PID: 2540)
      • csc.exe (PID: 3144)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2021:07:19 15:00:54
ZipCRC: 0xdb5930a7
ZipCompressedSize: 41
ZipUncompressedSize: 41
ZipFileName: README.md
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
217
Monitored processes
171
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs cmd.exe no specs reg.exe no specs cscript.exe no specs rundll32.exe no specs cmd.exe msedge.exe no specs reg.exe no specs cmd.exe no specs msedge.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs sc.exe no specs cmd.exe no specs mode.com no specs cmd.exe no specs findstr.exe no specs findstr.exe no specs choice.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs powershell.exe no specs find.exe no specs sc.exe no specs find.exe no specs sc.exe no specs sc.exe no specs find.exe no specs find.exe no specs sc.exe no specs powershell.exe no specs csc.exe cvtres.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs cmd.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs wmic.exe no specs findstr.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs wmic.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs wmic.exe no specs findstr.exe no specs wmic.exe no specs wmic.exe no specs findstr.exe no specs wmic.exe no specs findstr.exe no specs wmic.exe no specs findstr.exe no specs cmd.exe no specs wmic.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs net.exe no specs net1.exe no specs wmic.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs wmic.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs find.exe no specs wmic.exe no specs findstr.exe no specs sc.exe no specs sc.exe no specs find.exe no specs sc.exe no specs net.exe no specs net1.exe no specs sc.exe no specs find.exe no specs sc.exe no specs find.exe no specs net.exe no specs net1.exe no specs sc.exe no specs find.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs sc.exe no specs mode.com no specs findstr.exe no specs findstr.exe no specs choice.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
120wmic path SoftwareLicensingProduct where (PartialProductKey is not NULL) get ID /value C:\Windows\System32\wbem\WMIC.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
124reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osppsvc.exe" /v VerifierFlags /f C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
240"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6a54f598,0x6a54f5a8,0x6a54f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
240reg query HKLM\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\InstallRoot /v Path C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
280cscript //NoLogo "C:\Users\admin\Desktop\KMS_VL_ALL_AIO_crackshash.cmd?.wsf" //job:ELAV /File:"C:\Users\admin\Desktop\KMS_VL_ALL_AIO_crackshash.cmd" -elevatedC:\Windows\System32\cscript.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Console Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\cscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
280reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osppsvc.exe" /v GlobalFlag /f C:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
296C:\Windows\system32\cmd.exe /c "wmic path SoftwareLicensingService get Version /VALUE"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
564"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\KMS VL AIO_crackshash.com.zip"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
752reg delete "HKLM\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663" /fC:\Windows\System32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
788net stop sppsvc /y C:\Windows\System32\net.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
Total events
8 108
Read events
7 929
Write events
172
Delete events
7

Modification events

(PID) Process:(564) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation:writeName:Placement
Value:
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
(PID) Process:(564) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\General
Operation:writeName:LastFolder
Value:
C:\Users\admin\Desktop
Executable files
2
Suspicious files
77
Text files
48
Unknown types
0

Dropped files

PID
Process
Filename
Type
4000msedge.exe
MD5:
SHA256:
3492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF20a879.TMP
MD5:
SHA256:
3492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF20a898.TMP
MD5:
SHA256:
3492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
3492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF20a8a8.TMP
MD5:
SHA256:
2764msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Variationsbinary
MD5:961E3604F228B0D10541EBF921500C86
SHA256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
564WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa564.34078\KMS_VL_ALL_AIO_crackshash.cmdtext
MD5:2A0CEF56F3B0D339121E6F15060E6254
SHA256:302E8CEB93E6316F2C2241E38FD1AEAD5EF2E647CEAC0CF1C94DFDF1B6C0ACBF
3492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF20a8d7.TMP
MD5:
SHA256:
3492msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
29
DNS requests
32
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2588
svchost.exe
239.255.255.250:1900
whitelisted
3380
msedge.exe
20.105.95.163:443
nav-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
3492
msedge.exe
239.255.255.250:1900
whitelisted
3380
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
3380
msedge.exe
104.21.0.236:443
www.crackshash.com
CLOUDFLARENET
unknown
3380
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3380
msedge.exe
51.104.176.40:443
data-edge.smartscreen.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown

DNS requests

Domain
IP
Reputation
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.crackshash.com
  • 172.67.128.100
  • 104.21.0.236
unknown
nav-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
crackshash.com
  • 104.21.0.236
  • 172.67.128.100
malicious
data-edge.smartscreen.microsoft.com
  • 51.104.176.40
whitelisted
cdn.jsdelivr.net
  • 104.16.85.20
  • 104.16.87.20
  • 104.16.89.20
  • 104.16.86.20
  • 104.16.88.20
whitelisted
fonts.googleapis.com
  • 142.250.186.74
whitelisted
cdnjs.cloudflare.com
  • 104.17.25.14
  • 104.17.24.14
whitelisted
fonts.gstatic.com
  • 142.250.185.99
whitelisted

Threats

No threats detected
Process
Message
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR originated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
csc.exe
*** HR propagated: -2147024774 *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
KMS VL AIO_crackshash.com.zip