Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\officeappguardwin32.pdb source: officeappguardwin32.exe.2.dr |
Source: | Binary string: d:\dbs\el\ja2\target\x86\ship\dw\x-none\dw20.pdb source: DW20.EXE.2.dr |
Source: | Binary string: D:\a\_work\e\src\out\Release_x64\msedge_proxy.exe.pdb source: msedge_proxy.exe.2.dr |
Source: | Binary string: GoogleUpdateOnDemand_unsigned.pdb source: GoogleUpdateOnDemand.exe.2.dr |
Source: | Binary string: D:\dbs\el\ja2\Target\x86\ship\dcf\x-none\Common.DBConnection64.pdb source: Common.DBConnection64.exe.2.dr |
Source: | Binary string: d:\dbs\el\omr\target\x86\ship\graphics_filterloader\x-none\FLTLDR.pdb source: FLTLDR.EXE.2.dr |
Source: | Binary string: MicrosoftEdgeComRegisterShellARM64_unsigned.pdb source: MicrosoftEdgeComRegisterShellARM64.exe.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\olicenseheartbeat.pdb source: OLicenseHeartbeat.exe.2.dr |
Source: | Binary string: GoogleCrashHandler64_unsigned.pdb source: GoogleCrashHandler64.exe.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2rcross\x-none\msohtmed.pdb source: MSOHTMED.EXE.2.dr |
Source: | Binary string: D:\a\_work\e\src\out\Release_x64\initialexe\msedge.exe.pdb source: msedge.exe.2.dr, msedge.exe0.2.dr |
Source: | Binary string: D:\dbs\el\ja2\Target\x64\ship\postc2rcross\x-none\msoxmled.pdb source: MSOXMLED.EXE.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\officescrsanbroker.pdb source: OfficeScrSanBroker.exe.2.dr |
Source: | Binary string: D:\a\_work\e\src\out\Release_x64\msedge_pwa_launcher.exe.pdb source: msedge_pwa_launcher.exe.2.dr |
Source: | Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe.pdb source: Aut2exe.exe.2.dr |
Source: | Binary string: D:\DCB\CBT_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: AdobeARMHelper.exe.2.dr |
Source: | Binary string: d:\dbs\el\omr\target\x86\ship\click2run\x-none\Integrator.pdb source: integrator.exe.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\ocpubmgr.pdb source: OcPubMgr.exe.2.dr |
Source: | Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\java_objs\java.pdb source: java.exe.2.dr |
Source: | Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdb source: jp2launcher.exe.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\setlang.pdb source: SETLANG.EXE.2.dr |
Source: | Binary string: D:\a\_work\e\src\out\Release_x64\ie_to_edge_stub.exe.pdb source: ie_to_edge_stub.exe.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\onenote.pdb source: ONENOTE.EXE.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\cnfnot32.pdb source: CNFNOT32.EXE.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\winword.pdb source: WINWORD.EXE.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\iecontentservice.pdb source: IEContentService.exe.2.dr |
Source: | Binary string: D:\a\_work\1\s\src\ai\windows\dll\x64\Release\ai.exe.pdb source: ai.exe.2.dr |
Source: | Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\deploy\tmp\ssvagent\obj\ssvagent.pdb source: ssvagent.exe.2.dr |
Source: | Binary string: C:\Data\svn\autoit\branch_3.3.16\bin\Aut2Exe\Aut2Exe_x64.pdb source: Aut2exe_x64.exe.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\clview.pdb source: CLVIEW.EXE.2.dr |
Source: | Binary string: c:\jenkins\workspace\8-2-build-windows-i586-cygwin-sans-NAS\jdk8u381\237\build\windows-i586\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\scanpst.pdb source: SCANPST.EXE.2.dr |
Source: | Binary string: D:\dbs\el\omr\Target\x86\ship\postc2r\x-none\msoadfsb.pdb source: msoadfsb.exe.2.dr |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Users\user\AppData\Local\Temp\chrome.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, cmj53S8csZt3XY6dRV.cs | High entropy of concatenated method names: 'eRKJhslaLh', 'lDuJYh0f5t', 'QXJJ3EdRvC', 'RTMJElLuQa', 'blYJebbH1S', 'DMYJjj5NMI', 'jCuJHRWBQc', 'D9ZVIrfVel', 'EhkV8GJADB', 'O7WVgWHi8V' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, TpXh0oNQBlyJgLc5C3.cs | High entropy of concatenated method names: 'PoGjqKio7a', 'DRpjBLwnKa', 'VduUQNAKJT', 'HnoU55ZR5h', 'tf8UGwWU49', 'me4U0NBJ3p', 'L9RUmWlCCp', 'EgbUMF9EQg', 'Xh1UuJbS12', 'xeXURdD5gR' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, s5Xl7vFaad5FVXhONt.cs | High entropy of concatenated method names: 'y6iT7fXqee', 'rurTdIjP9i', 'sQITsbTkRr', 'iFUTa7Owhk', 'VbKTqsJXS0', 'rVhT41cFgZ', 'PF5TBUwO6h', 'fTETNKWo0E', 'BEjTnykmJI', 'B3TTXrLNCJ' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, AQ0H17BpUbyb4jWBs1.cs | High entropy of concatenated method names: 'sHjeb2FLXX', 'cIFewVhNdO', 'H31ekJT1dw', 'dtTeoOBDVB', 'cJaetPiX1y', 'nMpe9SDsal', 'D1veIhvqG4', 'DJJe8fSGSb', 'hYOegA3CWx', 'NBsepo9i4v' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, YQ3No54So1seQhpPbq.cs | High entropy of concatenated method names: 'y3qYCCb3Gj', 'SF9YEUTvpH', 'sqoYemuEhP', 'zcoYUKcboW', 'hLAYjedBhw', 'ib1YH8D9U6', 'un5YTiHsdc', 'hwgYKevTbw', 'FCnYLgVkXk', 'lJiYPDPwAW' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, mnnSSdz5Uqd8yUCfd1.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'VNKJDHY2Sx', 'qkIJZXmawq', 'rsaJWNvWa5', 'DfBJlXbmog', 'mspJV5PP2w', 'gWXJJcSiXG', 'LvrJAus05q' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, xnpUXHDdqZfbjeqoHI.cs | High entropy of concatenated method names: 'ToString', 'yibWioT18R', 'VjmW1bV0ti', 'CjNWQyWLIn', 'wNJW5M5jT0', 'TQxWGUKPaL', 'zv9W0lBl2n', 'D4AWm0D8Cm', 'AZWWMM8A6v', 'voHWumNelp' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, hPSI9mSbGZcCM6Ldy9.cs | High entropy of concatenated method names: 'LJ2HCMpps9', 'uGnHeAmGpX', 'fFZHjNMONU', 'EqtHTfDZaS', 'lXIHKfjLJ6', 'wHGjtEZt5W', 'PN7j91dVji', 'uDKjIobu3Z', 'dXfj8uA9vZ', 'rS0jgFtTsr' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, oIV0SM1qBhB6s6jHai.cs | High entropy of concatenated method names: 'vIRsA5dCh', 'mWwawUa03', 'c6y4SBP53', 'dh3BAWg8u', 'NtpnWAobe', 'nekX6F3E9', 's22uTx8vXfeRRfyI12', 'gsxjiInF7F80ZQtPro', 'd1gVNpP0s', 'OpTARrSEc' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, qUbqRjPH7QrggG59OrD.cs | High entropy of concatenated method names: 'fVSJ7dNcir', 'V6EJdVDkcD', 'RGLJsAbJQg', 'FJlJam3CJ0', 'XFLJqs5K8T', 'sLZJ4SYvFR', 'K3vJBPoxJa', 'KOvJNdvTNS', 'Y1jJnEONKn', 'TVQJXgHw42' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, J6cR8bTNlq40kMtptA.cs | High entropy of concatenated method names: 'Usrl8pIwnu', 'Y40lp3RrqM', 'owkVf42yPF', 'JxZVhCSyxy', 'zy5liq4Yjh', 'SjqlFbenSo', 'QpXlxlC995', 'XNPlb1iyVW', 'dhPlwI08J4', 'iTllksOQF1' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, BEqUxGqTXmMvtmq6dA.cs | High entropy of concatenated method names: 'x6iVE45svW', 'IpEVe3ECfy', 'IZlVUqs3XM', 'JuUVjGk0EW', 'bLMVHcmEnX', 'wpCVTQoPXs', 'SphVKF5AH4', 'oOvVLCQpU6', 'qD9VPJIi7R', 'pykV2PoChh' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, I9xY27PtDGHaqQTrh58.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'XyrAb1IqIZ', 'w7VAwHipBZ', 'oSGAkIfmnR', 'W1RAoEbki9', 'ykmAtkPtCL', 'ouQA9H6yvN', 'TeiAITTEDs' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, S92TI73dKkC8UZqcIe.cs | High entropy of concatenated method names: 'EcxhTK3c80', 'rEZhKTiHKZ', 'zRwhPI63H2', 'RFlh28J3dE', 'QA1hZSZioY', 'AEhhWNd16A', 'dbEXSjXd76bTQu7Eqc', 'v4mUcUu1Gjby1v8RQ5', 'PM7hhFB8xZ', 'LXohYZHn1g' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, Do4G1BPPgsyM6eHqvGR.cs | High entropy of concatenated method names: 'ToString', 'zpLAYjFvR4', 'CrVA3pGUxt', 'w4JACQ1IY2', 'WO7AEY62VV', 'A9sAeA3Eba', 'xSkAUny3mi', 'prYAjiRtcv', 'DYT5uL9BCXuuTRhQjnS', 'gYd9lW9iDH7akQMf5hd' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, yVGVPoVSuPbv6AWbEd.cs | High entropy of concatenated method names: 'mYKZRcWBCr', 'dUkZFpCUJL', 'S1qZblJeu9', 'P52ZwmpYTV', 'oVYZ1HEt7d', 'P5cZQOQiGK', 'GRBZ5eeoSZ', 'sXVZGvdm8K', 'aQRZ0xtlDj', 'DTZZm1G1YQ' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, MXYAaceiTdSH3B2Y4e.cs | High entropy of concatenated method names: 'FHJDNlS6Zr', 'h0gDnCq77G', 'j8xDSmYAKM', 'syiD16sMG1', 'rBqD5ohZpK', 'OcGDGN0VWE', 'qqaDmWa6Vk', 'QEvDMftEqp', 'ytoDRMpExj', 'bv2DiOttMs' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, oADqKGkUaYRyu9b1Sa.cs | High entropy of concatenated method names: 'g6aVSHfmrD', 'bZAV1SeN9c', 'GUCVQsWwJu', 'I7CV5iHgO8', 'avAVbNaHB3', 'RrVVGIW8iY', 'Next', 'Next', 'Next', 'NextBytes' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, BFNdCoIqsUh76kjhGf.cs | High entropy of concatenated method names: 'Dispose', 'aErhg9YINI', 'F6br1fIuRD', 'VPm669cxus', 'gmHhpTl3Zm', 'XVshzcs4n1', 'ProcessDialogKey', 'oUFrfO6e6o', 'i60rhYe5yc', 'IZ5rrLhsRk' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, cXZFcOUmZWwIo86LW1.cs | High entropy of concatenated method names: 'AOKUaIT086', 'D6SU4L2sZv', 'FpHUNIisW9', 'c8XUnB2Pon', 'mtVUZp2Bw1', 'bibUWWkqQw', 'Uw5Ul3G9In', 'i9DUVdSCfu', 'LCyUJXg2uh', 'J3oUABWgYI' |
Source: 0.2.QSPC03PC230308097.exe.4d7b880.7.raw.unpack, Xuk8CuiJPjiclIovj4.cs | High entropy of concatenated method names: 'aFblPN3Rm8', 'L8Ul2uDsJc', 'ToString', 'xIVlEihTtU', 'wrvleDdFjx', 'kpalUBK1Dx', 'zAoljFoNIk', 'CwxlHCVVwQ', 'N2tlTPNcDj', 'Q4mlKWswVg' |
Source: 0.2.QSPC03PC230308097.exe.a040000.10.raw.unpack, R87QTajabri3WprdxA.cs | High entropy of concatenated method names: 'SoFXXYTXBr', 'VXePqW7LxoGttIrQMM', 'VJKqh4rSy8UE5CPs2d', 'w7T6rNymrPsVe05ZjX', 'Qa5usbZfG', 'UsaN6r2JI', 'Dispose', 'xdE70OV1R', 'WKG8Nh2TLfQX7DMBJq', 'FCyDZoO16YhsTUYx7V' |
Source: 0.2.QSPC03PC230308097.exe.a040000.10.raw.unpack, I1Ds3abkUA5mh3kywv.cs | High entropy of concatenated method names: 'I6pnpGMEc', 'pUPSoKeTB', 'w3OonGh86', 'S3aaCOvyF', 'MagvcleIh', 'hvmph4XfL', 'eXtqEM8mO', 'RC38AH4Bb', 'hyVW2X9uL', 'AbHynsT40' |
Source: 0.2.QSPC03PC230308097.exe.a040000.10.raw.unpack, AJO8kvyDr8qxYWB5Qt.cs | High entropy of concatenated method names: 'sRJJ4PC1lt6MgSX9oLN', 'qCuPUJCYMdGJYrcKdqj', 'T9OMNMJAsS', 'KH71sVC96gudd8OjhqS', 'qSoaq8CnboJYXbPCm1H', 'XtbiVDCeUWVlZdG2V08', 'D2TFRiCIaLSytg31rTE', 'MtxGm4CM57HGXUKQMIN', 'RgtTUJcyZL', 'eFmMT9Tlnp' |
Source: 0.2.QSPC03PC230308097.exe.a040000.10.raw.unpack, QEHxtuXFnnkJABhbAo.cs | High entropy of concatenated method names: 'Geosg7Hdn', 'wwIBOnTmd', 'siWV4YECO', 'k32FNitut', 'cUAG5mh3k', 'JwvHwu9Dw', 'cr1hyajqeLqaQ4F9dK', 'Pgut89mcfAIn6Hs5oN', 'Dispose', 'MoveNext' |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Users\user\AppData\Local\Temp\chrome.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Windows\svchost.com | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\chrome.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Uninstall.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Users\user\Desktop\QSPC03PC230308097.exe VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
Source: C:\Users\user\Desktop\QSPC03PC230308097.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |