File name:

CyberGhostVPNSetup.exe

Full analysis: https://app.any.run/tasks/18b8a6c0-93c5-4097-b592-4052a6310617
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: June 10, 2024, 00:55:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

FD093F3100A56B710C50D41667DA7E2B

SHA1:

5EC9063E4380F642D2A551DA76FD4D3F00FD4C96

SHA256:

F6DFAE75FD23C0446EC1721994CF2530C66BD76366423176414747B39153BF58

SSDEEP:

3072:z5XPWSc4UShBSz2fxhlYjciFvcbFqpdpupIgZFgSDLxgbjl:hgwxhlGciFvcbFqpdMpIgZFPLWJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • CyberGhostVPNSetup.exe (PID: 6592)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Checks Windows Trust Settings

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Executable content was dropped or overwritten

      • CyberGhostVPNSetup.exe (PID: 6592)

    • Reads the date of Windows installation

      • CyberGhostVPNSetup.exe (PID: 6592)

    • Adds/modifies Windows certificates

      • CyberGhostVPNSetup.exe (PID: 6592)

  • INFO

    • Reads the computer name

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Checks supported languages

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Disables trace logs

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Reads Environment values

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Creates files in the program directory

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Reads the machine GUID from the registry

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Checks proxy server information

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Reads the software policy settings

      • CyberGhostVPNSetup.exe (PID: 6592)
      • 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe (PID: 6964)

    • Creates files or folders in the user directory

      • CyberGhostVPNSetup.exe (PID: 6592)

    • Process checks computer location settings

      • CyberGhostVPNSetup.exe (PID: 6592)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:09:13 09:25:01+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 80384
InitializedDataSize: 39424
UninitializedDataSize: -
EntryPoint: 0x1589e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.3.11.2
ProductVersionNumber: 8.3.11.2
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Installs CyberGhost 8 on your computer
CompanyName: CyberGhost S.R.L.
FileDescription: CyberGhost 8 Installer
FileVersion: 8.3.11.2
InternalName: WebBootstrapper.exe
LegalCopyright: Copyright © CyberGhost S.R.L. 2018-2022
LegalTrademarks: CyberGhost
OriginalFileName: WebBootstrapper.exe
ProductName: CyberGhost 8
ProductVersion: 8.3.11.2
AssemblyVersion: 8.3.11.2
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
119
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start cyberghostvpnsetup.exe 1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe cyberghostvpnsetup.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
6536"C:\Users\admin\Desktop\CyberGhostVPNSetup.exe" C:\Users\admin\Desktop\CyberGhostVPNSetup.exeexplorer.exe
User:
admin
Company:
CyberGhost S.R.L.
Integrity Level:
MEDIUM
Description:
CyberGhost 8 Installer
Exit code:
3221226540
Version:
8.3.11.2
Modules
Images
c:\users\admin\desktop\cyberghostvpnsetup.exe
c:\windows\system32\ntdll.dll
6592"C:\Users\admin\Desktop\CyberGhostVPNSetup.exe" C:\Users\admin\Desktop\CyberGhostVPNSetup.exe
explorer.exe
User:
admin
Company:
CyberGhost S.R.L.
Integrity Level:
HIGH
Description:
CyberGhost 8 Installer
Version:
8.3.11.2
Modules
Images
c:\users\admin\desktop\cyberghostvpnsetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
6964"C:\Program Files\0f8bfb1f-9b9e-403c-8db3-513c8a3c2b3e\1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe" "C:\Users\admin\Desktop\CyberGhostVPNSetup.exe"C:\Program Files\0f8bfb1f-9b9e-403c-8db3-513c8a3c2b3e\1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
CyberGhostVPNSetup.exe
User:
admin
Company:
CyberGhost S.A.
Integrity Level:
HIGH
Description:
CyberGhost 8 Installer
Version:
8.4.2.78
Modules
Images
c:\program files\0f8bfb1f-9b9e-403c-8db3-513c8a3c2b3e\1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
14 804
Read events
14 752
Write events
48
Delete events
4

Modification events

(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(6592) CyberGhostVPNSetup.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\CyberGhostVPNSetup_RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
1
Suspicious files
6
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
6592CyberGhostVPNSetup.exeC:\Program Files\0f8bfb1f-9b9e-403c-8db3-513c8a3c2b3e\1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exeexecutable
MD5:72540194BD451DAC050609406EB50A56
SHA256:3A18D5FD76ABCFE537D78457DAB4797231AF313028B5594231F019245C5F7A74
6592CyberGhostVPNSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDBder
MD5:94EDD8F3F6FAA7FDE69F27BE47EF21DE
SHA256:73C675B4FFCD5A6BDA710E206AE6BA3DC91F8EFEB8BDA995E89ECF9D51D4E9C2
69641fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exeC:\Users\admin\AppData\Local\Temp\Tmp9C8C.tmptext
MD5:647F843626B023AAAA748F924F95AC25
SHA256:732DEE732E0261AFBFBA21ECA43008A5009CFC9E4C405ECE8826A9746564CCEB
6592CyberGhostVPNSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_46E4040B4A28D439FBFA7E9FC642442Cbinary
MD5:692E25D7865E91803E8A8CBB770F5305
SHA256:8891C59898A5F07645513CD715BE13E379497A47DE25586D3C782FE1B443CAB3
6592CyberGhostVPNSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225Fbinary
MD5:FA6E2C42BCA2A360196147ADE6B1CE56
SHA256:0933161CBC297D753147A273BBB490B462CF641E0C57EBB5E1324E17627E7E18
6592CyberGhostVPNSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_46E4040B4A28D439FBFA7E9FC642442Cbinary
MD5:602087F429F7929E0C8F6186AC47C186
SHA256:20F94AD216D7EA9DD352394441E0C3582632D00DEE8163EFD8A2A4BDE1948AF6
6592CyberGhostVPNSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDBbinary
MD5:7223D0965323558ED5B0A4232C8B6564
SHA256:46A4E7244497DF775981B1E40275E7ABC2124890653A07064C855CA851D7617C
69641fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exeC:\Users\admin\AppData\Local\Temp\Tmp9C6C.tmptext
MD5:647F843626B023AAAA748F924F95AC25
SHA256:732DEE732E0261AFBFBA21ECA43008A5009CFC9E4C405ECE8826A9746564CCEB
6592CyberGhostVPNSetup.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225Fbinary
MD5:E673AAA1AA31E0958033DC9FBEBBEB79
SHA256:970038928B1056CFD572313A21E3E10403AA0F334A209426BF456E2A9A01F03B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
125
DNS requests
10
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5140
MoUsoCoreWorker.exe
GET
200
95.101.63.66:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
4080
svchost.exe
GET
200
95.101.63.66:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
2308
RUXIMICS.exe
GET
200
23.37.9.217:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
5140
MoUsoCoreWorker.exe
GET
200
23.37.9.217:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
6592
CyberGhostVPNSetup.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEEj8k7RgVZSNNqfJionWlBY%3D
unknown
unknown
GET
304
4.231.128.59:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/RUXIM?os=Windows&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3623&OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&FlightRing=Retail&AttrDataVer=186&App=RUXIM&AppVer=&DeviceFamily=Windows.Desktop
unknown
6592
CyberGhostVPNSetup.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSdE3gf41WAic8Uh9lF92%2BIJqh5qwQUMuuSmv81lkgvKEBCcCA2kVwXheYCEGIdbQxSAZ47kHkVIIkhHAo%3D
unknown
unknown
6592
CyberGhostVPNSetup.exe
GET
200
104.18.38.233:80
http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVD%2BnGf79Hpedv3mhy6uKMVZkPCQQUDyrLIIcouOxvSK4rVKYpqhekzQwCEBCAEdkNAQ%2BVnslmQeaPkY8%3D
unknown
unknown
GET
200
null:443
https://download.cyberghostvpn.com/windows/webinstaller/8/WebInstaller.exe
unknown
executable
5.05 Mb
POST
200
13.89.179.13:443
https://self.events.data.microsoft.com/OneCollector/1.0/
unknown
binary
9 b
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
239.255.255.250:1900
unknown
4080
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2308
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
5140
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5140
MoUsoCoreWorker.exe
95.101.63.66:80
crl.microsoft.com
Akamai International B.V.
GB
unknown
4080
svchost.exe
95.101.63.66:80
crl.microsoft.com
Akamai International B.V.
GB
unknown
5140
MoUsoCoreWorker.exe
23.37.9.217:80
www.microsoft.com
AKAMAI-AS
PH
unknown
2308
RUXIMICS.exe
23.37.9.217:80
www.microsoft.com
AKAMAI-AS
PH
unknown
6592
CyberGhostVPNSetup.exe
104.20.1.14:443
download.cyberghostvpn.com
CLOUDFLARENET
shared

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 95.101.63.66
  • 72.247.176.73
whitelisted
www.microsoft.com
  • 23.37.9.217
whitelisted
download.cyberghostvpn.com
  • 104.20.1.14
  • 104.20.0.14
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
ocsp.comodoca.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted
ocsp.sectigo.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted
api.cyberghostvpn.com
  • 104.20.1.14
  • 104.20.0.14
unknown
feedback.cyberghostvpn.com
  • 104.20.0.14
  • 104.20.1.14
whitelisted
self.events.data.microsoft.com
  • 104.208.16.90
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Process
Message
1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
AppPath: C:\Program Files\0f8bfb1f-9b9e-403c-8db3-513c8a3c2b3e\1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe AppVersion: 8.4.2.78 WinVersion: 10.0.19045.0 ExceptionData: 6/10/2024 12:55 AM ExceptionType: System.Net.WebException ExceptionMessage: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ExceptionType: System.Net.WebException AdditionalMessage: StackTrace: at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<HandleWebException>d__55.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<DoRequest>d__54.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<DoRequestItem>d__59`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.ApiClasses.CgApiPing.<Fetch>d__4.MoveNext() ======================INNER EXCEPTION=================== ExceptionType: System.Security.Authentication.AuthenticationException ExceptionMessage: The remote certificate is invalid according to the validation procedure. ExceptionType: System.Security.Authentication.AuthenticationException StackTrace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) ======================MANUAL STACK TRACE=================== GetStackTrace (:0) GetExceptionDetails (:0) HandleExceptions (:0) Execute (:0) RunInternal (:0) Run (:0) ExecuteWithThreadLocal (:0) ExecuteEntry (:0) Dispatch (:0)
1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
--- Grabbed Thread Exception! ---
1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
AppPath: C:\Program Files\0f8bfb1f-9b9e-403c-8db3-513c8a3c2b3e\1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe AppVersion: 8.4.2.78 WinVersion: 10.0.19045.0 ExceptionData: 6/10/2024 12:55 AM ExceptionType: System.Net.WebException ExceptionMessage: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ExceptionType: System.Net.WebException AdditionalMessage: StackTrace: at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<HandleWebException>d__55.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<DoRequest>d__54.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<DoRequestItem>d__59`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.ApiClasses.CgApiPing.<Fetch>d__4.MoveNext() ======================INNER EXCEPTION=================== ExceptionType: System.Security.Authentication.AuthenticationException ExceptionMessage: The remote certificate is invalid according to the validation procedure. ExceptionType: System.Security.Authentication.AuthenticationException StackTrace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) ======================MANUAL STACK TRACE=================== GetStackTrace (:0) GetExceptionDetails (:0) HandleExceptions (:0) Execute (:0) RunInternal (:0) Run (:0) ExecuteWithThreadLocal (:0) ExecuteEntry (:0) Dispatch (:0)
1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
--- Grabbed Thread Exception! ---
1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
--- Grabbed Thread Exception! ---
1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
AppPath: C:\Program Files\0f8bfb1f-9b9e-403c-8db3-513c8a3c2b3e\1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe AppVersion: 8.4.2.78 WinVersion: 10.0.19045.0 ExceptionData: 6/10/2024 12:55 AM ExceptionType: System.Net.WebException ExceptionMessage: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ExceptionType: System.Net.WebException AdditionalMessage: StackTrace: at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<HandleWebException>d__55.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<DoRequest>d__54.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<DoRequestItem>d__59`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.ApiClasses.CgApiPing.<Fetch>d__4.MoveNext() ======================INNER EXCEPTION=================== ExceptionType: System.Security.Authentication.AuthenticationException ExceptionMessage: The remote certificate is invalid according to the validation procedure. ExceptionType: System.Security.Authentication.AuthenticationException StackTrace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) ======================MANUAL STACK TRACE=================== GetStackTrace (:0) GetExceptionDetails (:0) HandleExceptions (:0) Execute (:0) RunInternal (:0) Run (:0) ExecuteWithThreadLocal (:0) ExecuteEntry (:0) Dispatch (:0)
1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
--- Grabbed Thread Exception! ---
1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe
AppPath: C:\Program Files\0f8bfb1f-9b9e-403c-8db3-513c8a3c2b3e\1fd19131-d416-4e13-8bbc-83bf1e0cf8e9.exe AppVersion: 8.4.2.78 WinVersion: 10.0.19045.0 ExceptionData: 6/10/2024 12:55 AM ExceptionType: System.Net.WebException ExceptionMessage: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ExceptionType: System.Net.WebException AdditionalMessage: StackTrace: at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<HandleWebException>d__55.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<DoRequest>d__54.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.OAuth.JsonOAuthRestClient.<DoRequestItem>d__59`1.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Dashboard.Contracts.API.ApiClasses.CgApiPing.<Fetch>d__4.MoveNext() ======================INNER EXCEPTION=================== ExceptionType: System.Security.Authentication.AuthenticationException ExceptionMessage: The remote certificate is invalid according to the validation procedure. ExceptionType: System.Security.Authentication.AuthenticationException StackTrace: at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) ======================MANUAL STACK TRACE=================== GetStackTrace (:0) GetExceptionDetails (:0) HandleExceptions (:0) Execute (:0) RunInternal (:0) Run (:0) ExecuteWithThreadLocal (:0) ExecuteEntry (:0) Dispatch (:0)
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
CyberGhostVPNSetup.exe