Windows Analysis Report
SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe

Overview

General Information

Sample name: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe
Analysis ID: 1427719
MD5: 42dc58fbc7050c3e083ac79205a0aa75
SHA1: 65835ac4cc779cd165e8f5be406aaf7ca1e0124f
SHA256: 30af845f8599e256ce230a25bc8772b8da7c7ba019254de3534d0da70a9e9cc9
Tags: exe
Infos:

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Machine Learning detection for dropped file
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: CurrentVersion Autorun Keys Modification
Too many similar processes found
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Avira: detected
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Avira: detection malicious, Label: HEUR/AGEN.1352426
Source: C:\Users\user\AppData\Local\Temp\setup.exe Avira: detection malicious, Label: HEUR/AGEN.1359405
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\huge[1].dat Avira: detection malicious, Label: HEUR/AGEN.1359405
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Pinball\Del.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pinball Jump to behavior
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256f source: Pinball.exe, 00000006.00000002.3000073504.00000000067F2000.00000002.00000001.01000000.0000000D.sdmp, Newtonsoft.Json.dll.3.dr
Source: Binary string: *?|<>/":%s%s.dllC:\Users\user\AppData\Roaming\Pinball\Pinball.exeirewall.dlll.pdbC:\Users\user\AppData\Roaming\Pinball\Uninstall.exealll.dll source: setup.exe, 00000003.00000002.2812312785.000000000040A000.00000004.00000001.01000000.00000007.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\vulkan-1.dll.pdb source: vulkan-1.dll.3.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: Pinball.exe, Pinball.exe, 00000006.00000002.3000073504.00000000067F2000.00000002.00000001.01000000.0000000D.sdmp, Newtonsoft.Json.dll.3.dr
Source: Binary string: libEGL.dll.pdb source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bGlue.pdbd source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\vulkan-1.dll.pdb source: vulkan-1.dll.3.dr
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdb source: Pinball.exe, Pinball.exe, 00000008.00000002.2787979524.00000000063B2000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\Pinball\swiftshader\Xilium.CefGlue.pdb source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e:\work\newContent\secondBranch\new\Pinball\obj\Release\Pinball.pdb source: Pinball.exe, 00000006.00000000.2494820553.0000000000D12000.00000002.00000001.01000000.00000009.sdmp, Pinball.exe.3.dr
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdbSHA256 source: Pinball.exe, 00000008.00000002.2787979524.00000000063B2000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdbLK source: Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\Pinball\swiftshader\Xilium.CefGlue.pdb@ source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdb source: Pinball.exe, Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: Xilium.CefGlue.pdb source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \swiftshaderXilium.CefGlue.pdb source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Directory queried: number of queries: 1551
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_00405B6F CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405B6F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_00406724 FindFirstFileA,FindClose, 0_2_00406724
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_004027AA FindFirstFileA, 0_2_004027AA
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_00405B4A CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 3_2_00405B4A
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_004066FF FindFirstFileA,FindClose, 3_2_004066FF
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_004027AA FindFirstFileA, 3_2_004027AA
Source: Pinball.exe, 0000000A.00000002.2602798625.00000000024C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.install-stat.debug.world/clients/activity
Source: Pinball.exe, 0000000A.00000002.2602798625.00000000024C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.install-stat.debug.world/clients/installs
Source: Pinball.exe, 0000000A.00000002.2602798625.00000000024C7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://bageyou.xyz
Source: Pinball.exe, 00000006.00000002.2612177500.0000000003197000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://bageyou.xyz/c/g
Source: Pinball.exe, 00000006.00000002.2612177500.0000000003197000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://bageyou.xyz/c/g4
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: es-419.pak.3.dr String found in binary or memory: http://ejemplo.com
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://james.newtonking.com/projects/json
Source: log4net.xml.3.dr String found in binary or memory: http://logging.apache.org/log4j
Source: Pinball.exe String found in binary or memory: http://logging.apache.org/log4ne
Source: Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp, log4net.xml.3.dr String found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
Source: log4net.xml.3.dr String found in binary or memory: http://logging.apache.org/log4net/schemas/log4net-events-1.2&gt;
Source: setup.exe, setup.exe, 00000003.00000000.2197898384.000000000040A000.00000008.00000001.01000000.00000007.sdmp, setup.exe, 00000003.00000003.2495031022.0000000000679000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000003.00000002.2812312785.000000000040A000.00000004.00000001.01000000.00000007.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0K
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: Pinball.exe, 00000006.00000002.2612177500.0000000003488000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826167613.00000000005CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://spanchtoc.bond/22_2/huge.dat
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2829240178.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826606682.00000000005DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826167613.00000000005CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://spanchtoc.bond/22_2/huge.dat-
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2829154967.0000000000598000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2828899365.000000000040A000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: http://spanchtoc.bond/22_2/huge.dat/SILENTgetOK
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2829240178.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826606682.00000000005DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826167613.00000000005CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://spanchtoc.bond/22_2/huge.dat9
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2829240178.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826606682.00000000005DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826167613.00000000005CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://spanchtoc.bond/22_2/huge.dati
Source: Pinball.exe, Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: http://www.apache.org/).
Source: Pinball.exe, Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: http://www.apache.org/licenses/
Source: Pinball.exe String found in binary or memory: http://www.apache.org/licenses/LICEN
Source: Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: log4net.xml.3.dr String found in binary or memory: http://www.connectionstrings.com/
Source: log4net.xml.3.dr String found in binary or memory: http://www.faqs.org/rfcs/rfc3164.html.
Source: log4net.xml.3.dr String found in binary or memory: http://www.iana.org/assignments/multicast-addresses
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: bn.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=bn&category=theme81https://myactivity.google.com/myactivity/?u
Source: bn.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=bnCtrl$1
Source: de.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=de&category=theme81https://myactivity.google.com/myactivity/?u
Source: de.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=deStrg$1
Source: el.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=el&category=theme81https://myactivity.google.com/myactivity/?u
Source: el.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=elCtrl$1
Source: es.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=es&category=theme81https://myactivity.google.com/myactivity/?u
Source: es-419.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=es-419&category=theme81https://myactivity.google.com/myactivit
Source: es-419.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=es-419Ctrl$1
Source: es.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=esCtrl$1
Source: hi.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=hi&category=theme81https://myactivity.google.com/myactivity/?u
Source: hi.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=hiCtrl$1
Source: hu.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=hu&category=theme81https://myactivity.google.com/myactivity/?u
Source: hu.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=huCtrl$1
Source: ja.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=ja&category=theme81https://myactivity.google.com/myactivity/?u
Source: ja.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=jaCtrl$1
Source: lv.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=lv&category=theme81https://myactivity.google.com/myactivity/?u
Source: lv.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=lvCtrl$1
Source: pl.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=pl&category=theme81https://myactivity.google.com/myactivity/?u
Source: pl.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=plCtrl$1
Source: sk.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=sk&category=theme81https://myactivity.google.com/myactivity/?u
Source: sk.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=skCtrl$1
Source: te.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=te&category=theme81https://myactivity.google.com/myactivity/?u
Source: te.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=teCtrl$1
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=tr&category=theme81https://myactivity.google.com/myactivity/?u
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=uk&category=theme81https://myactivity.google.com/myactivity/?u
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ukCtrl$1
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=urCtrl$2
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=vi&category=theme81https://myactivity.google.com/myactivity/?u
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=viCtrl$1
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivity
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CNCtrl$1
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, zh-TW.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivity
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, zh-TW.pak.3.dr String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TWCtrl$1
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: es-419.pak.3.dr String found in binary or memory: https://ejemplo.com.Se
Source: Newtonsoft.Json.xml.3.dr String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json/issues/652
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://myactivity.google.com/
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, sk.pak.3.dr, el.pak.3.dr String found in binary or memory: https://passwords.google.com
Source: es-419.pak.3.dr String found in binary or memory: https://passwords.google.comCuenta
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, te.pak.3.dr, zh-TW.pak.3.dr, lv.pak.3.dr, bn.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://passwords.google.comGoogle
Source: de.pak.3.dr String found in binary or memory: https://passwords.google.comGoogle-KontoF
Source: pl.pak.3.dr String found in binary or memory: https://passwords.google.comKonta
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://passwords.google.comT
Source: es.pak.3.dr String found in binary or memory: https://passwords.google.comcuenta
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://policies.google.com/
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: es.pak.3.dr String found in binary or memory: https://support.google.com/chrome/answer/6098869?hl=es
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, de.pak.3.dr, te.pak.3.dr, zh-TW.pak.3.dr, es.pak.3.dr, lv.pak.3.dr, sk.pak.3.dr, pl.pak.3.dr, bn.pak.3.dr, es-419.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr, hu.pak.3.dr String found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: Pinball.exe, Pinball.exe, 00000008.00000002.2703074661.0000000005896000.00000002.00000001.01000000.0000000B.sdmp, Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: https://svn.apache.org/repos/asf/logging/log4net/tags/2.0.8RC1
Source: de.pak.3.dr String found in binary or memory: https://www.beispiel.de
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp, te.pak.3.dr, zh-TW.pak.3.dr, bn.pak.3.dr, hi.pak.3.dr, ja.pak.3.dr, el.pak.3.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&
Source: de.pak.3.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&HilfeVon
Source: hu.pak.3.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&S
Source: es-419.pak.3.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlA&yudaAdministrado
Source: es.pak.3.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlAy&udaGestionado
Source: lv.pak.3.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlP&al
Source: sk.pak.3.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlP&omocn
Source: pl.pak.3.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlPomo&cZarz
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlT&r
Source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlYar&d
Source: Newtonsoft.Json.dll.3.dr String found in binary or memory: https://www.newtonsoft.com/json
Source: Newtonsoft.Json.xml.3.dr String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: Pinball.exe, Pinball.exe, 00000006.00000002.3000073504.00000000067F2000.00000002.00000001.01000000.0000000D.sdmp, Newtonsoft.Json.dll.3.dr String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_0040560C GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_0040560C
Too many similar processes found
Source: Pinball.exe Process created: 65
Contains functionality to call native functions
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary, 0_2_100010D0
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_004034F1 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004034F1
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_004034CC EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 3_2_004034CC
Detected potential crypto function
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_004073D5 0_2_004073D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_00406BFE 0_2_00406BFE
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_00406A88 3_2_00406A88
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_02F94F58 6_2_02F94F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_02F91049 6_2_02F91049
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_05AA5F38 6_2_05AA5F38
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_05AA6808 6_2_05AA6808
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_05AA57F0 6_2_05AA57F0
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_05AA7B20 6_2_05AA7B20
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_05AA7B11 6_2_05AA7B11
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_067E2F88 6_2_067E2F88
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 8_2_01634F58 8_2_01634F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 9_2_02704F58 9_2_02704F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 10_2_021F4F58 10_2_021F4F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 10_2_021F3860 10_2_021F3860
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 13_2_00934F58 13_2_00934F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 13_2_00933860 13_2_00933860
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 15_2_014D4F58 15_2_014D4F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 15_2_014D3860 15_2_014D3860
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 15_2_014D44C9 15_2_014D44C9
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 15_2_014D1049 15_2_014D1049
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 18_2_02ED4F58 18_2_02ED4F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 18_2_02ED3860 18_2_02ED3860
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 18_2_02ED1049 18_2_02ED1049
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 24_2_00984F58 24_2_00984F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 24_2_00983860 24_2_00983860
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 31_2_00B04F58 31_2_00B04F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 31_2_00B03865 31_2_00B03865
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 31_2_00B01049 31_2_00B01049
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 35_2_00904F58 35_2_00904F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 35_2_00903860 35_2_00903860
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 36_2_00C14F58 36_2_00C14F58
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 36_2_00C13860 36_2_00C13860
Dropped file seen in connection with other malware
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\liteFirewall.dll 9DB9C58E44DFF2D985DC078FDBB7498DCC66C4CC4EB12F68DE6A98A5D665ABBD
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2828899365.000000000040A000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameinetc.dllF vs SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe
Uses 32bit PE files
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Ionic.Zip.dll.3.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformBlock'
Source: Ionic.Zip.dll.3.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformFinalBlock'
Source: Ionic.Zip.dll.3.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: Pinball.exe.3.dr, Program.cs Base64 encoded string: 'PbKYnAXFjmXMZd3NoJSLsM30ZbUHxux5Ujmpl/n9oZQR9xGOSDPZyamOb9997obt', 'SZAnxei/3m2LcNNbjWTpSqnOfmpY8dHs/ljzvygy50D/wxmy+bqOWrY/qZBB2/XZ0obYqlYv8ulp/VXeplnRA5KMax4BzSqkU7NvSwfjOOw4x+u1kTaylhH+P1PxOiaRcpVpr7Ttt/95waEjxOQYCz332qwO9ljMmlKednb8KYEUpEszW6I8jihe5piPLINt+d88UVG0dD1/QdRmzmTd5dlZZyP8ZeoseT9aGh9m2EN8W707IdNf2r+KacehhS5pQIr174Gclz7V4GAr9SIKL06GLWq0ew6wHablTf0Ce4xBKFdDnv0SMCYwO93u7fN1ylS1QDg3vH1TJm06pEpncStcr1DpgR5EJoS+K65VPwiaMNi2FhXcMjljOH2L3yvIwTKCcIIXJxgZKh8gmsLOmNQy2g4h+tiPBcmHjSbyXhg5QucTYIMgse3VKPcGqKqQm7Q1llpLedscAviZrCpmeLbqLUuFen21/8UHuZUx9moCvaUYmbXSesVSXmr3lppHD17QnTcYyfQGjhKnIyUcF+JsYrvjmlHE33sl5sYSTHVCplyElBOyWWLYIsvH+iBMIHXHfJoaR5PWjQmGSR6TGxY9OYuSXnQBwgL/a1pEGSni28wcBTYoMgQiGa4TBVbhXuArYzvSu+EsVURTMAP8IWwfzVIpiPF3fRKjh4N//xsfBeNu7Y5/DZbR6rSE4KnRN0SECRCqXD1dxKPyyMt1YrhkedlGHoSbCxwtESstU9h1AFr3gvlw6HpxTLbOhBeLh6jId7WcpaYR0Fwg03TPr8GfLPHprlCUHwoKMlpKeMszrwnoWdf60FdSFXuMw7Ee', 'mtSOo2SpyVk+k5CXwxIuHscbRBjkvR5KkQSdfOADDFKdVa+v9IkYBYBslnZACRdVd2ep5gJICvb8I3M36edRvk2YJS49oHCaG3FKaUjn3Ib/1Ab+LoBSh5iO/vRTe7m3JVKCUg61tMtb1oHCgww5IBGoGHTLxbBThOomXEkN+h/f18kP28pt5GqGNKnb6LzxhPKRR31waVUo2sj/tZPaBoENNkPTlMcjucNzdAAXeryjRPvoF3Cv3ufxoEpPtYbljlYTyDqLZDvuamgDYdP9l8mrFWr06YyUG1STwPkNG1CmiJ01NizwoIHJ1MHqPGE9xfcSAJ++wU0JeIYzz+zs9M233rFT6Ae2MboUuM0xonDGg6o4NX/7XSGq6/qNX2eAPGYhNWp5FfOdVyTje10lPoGY0VOYNiwh6SbJnfuPu2TnGA0vk6QvacGAISAb+1k7AMUjIa4ppPjl7XqeURGAysO3te7aoy8gtUIN98TwHfHz72aLTJLBHhtI1zPEHOgtnzEawwui7m/2shu9+9sqUOu99jGhpmbQhI8T4jS72SKG48MW187w77IL1PokOhX/fsEmTSW/a/UWG4+8S+y+vZGlxrUC/e27o8BT7jJozZZ+DdfudTInsRMjCESDvhUucNfgB5T+yMyp5KkESfrXelqnsVia83WxeVWyk1wy13g=', 'pobB+Al9MzJ2OyJsvBhglMHMiAobQmUnDZHcJBpTt9EZGUgZgx4UruobTzqMLmLDvms3Jax0Lu8EYu3shwLXZkZODYu4BtqU02uhiHGaFLu8rYbzh/lDj9yGB5C4pRtINU2a5P9ADw1IDi941W5/iO8DtNRvpgYv1w8Q09+Yc0VIT2Ztodcwo3KMB4ZS5q2h2ckNb7/EEmQqv5Gf6Y22rAG0GjCnoc4nlaVan/Rfn3DHXN3yl1i/TFY7RianEYH/hvQbx6dlWTJHk24bovFySbxsLtR7o4WDGDSvq4K/zihlA9TDvwVre/cXNd1CNrm4tvLJWxvVqPcyG5DPFPcqWw==', 'Mr4CNglnCLGWewiQ4qgO2B5oIL7myK5pGa8ocKfa+h6/yLC+f8N5fDrZ6tzEtbIp2J9mnYK0y1wlx8yQWqQcHnml3zRcz5hB6mxSdKeYV2s=', 'oGCeB6v7vge1PX2RGTLixRW1LgrGgYfWJAz65J6WcmJA4c45r6qgTRaPj9xx1XPd', 'pobB+Al9MzJ2OyJsvBhglPi8iw+pg04ckNac5EyhhZVfVc4b9ucE9OvDVCxMyC8iYxDAXZA1FhAfeh3gKD11CMOCz7VngOi/dBoPmOy9YZU=', 'Ih92IURmtMPF5AoxpkGC9YzytAiLSVr2xfeb8NC97GCiinjUhxciARDwPkJLURB3', 'mH6AunB3p5zt3lhf+am1iwskYv2gUXA5zKNJTFsPVbZEhXEPm8Gj0v0dzKwPrP6j', 'tX3OhIohnN7Cngcyjxd9LQj+/YZTiqWrRNEBOAcyntKJkxvSVQ0vcBYIA4Lopl8I', 'wv56Dsyu30UVtEG0/Hdi0uiWTSCflxuzhJBIJDsH2oGkAWpj8V+lWDuMkmlbKQnV', 'pobB+Al9MzJ2OyJsvBhglE/lxc0T9Gd6ojVRINAOPy9YEXk6X+H9uVjltDxVbuxS9hW3pfEVqP2sXtPna7Wmnw==', 'GX19rXg4s9SSWf/bNW82zAeuhscRevXAvK4zbbDBuKScDaY4IBO0yJI/mLdoO+y+XMF9YJnpyypz+duXmT7OLQ==', 'GX19rXg4s9SSWf/bNW82zAeuhscRevXAvK4zbbDBuKQHqU4v5Upg9FE5cHzTNfM13nAzYdfFgXZJKtmvyitkOA=='
Source: classification engine Classification label: mal60.winEXE@266/99@0/2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_004034F1 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004034F1
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_004034CC EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 3_2_004034CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_004048BC GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_004048BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_00402173 CoCreateInstance,MultiByteToWideChar, 0_2_00402173
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe File created: C:\Users\user\AppData\Roaming\Pinball Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_AppData_Roaming_Pinball_Logs_mainLog.txt
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe File created: C:\Users\user\AppData\Local\Temp\nsvCE85.tmp Jump to behavior
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe "C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Process created: C:\Users\user\AppData\Local\Temp\setup.exe "C:\Users\user\AppData\Local\Temp\setup.exe"
Source: C:\Users\user\AppData\Local\Temp\setup.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe C:\Users\user\AppData\Roaming\Pinball\Pinball.exe
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Process created: C:\Users\user\AppData\Local\Temp\setup.exe "C:\Users\user\AppData\Local\Temp\setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: fwpolicyiomgr.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pinball Jump to behavior
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdbSHA256f source: Pinball.exe, 00000006.00000002.3000073504.00000000067F2000.00000002.00000001.01000000.0000000D.sdmp, Newtonsoft.Json.dll.3.dr
Source: Binary string: *?|<>/":%s%s.dllC:\Users\user\AppData\Roaming\Pinball\Pinball.exeirewall.dlll.pdbC:\Users\user\AppData\Roaming\Pinball\Uninstall.exealll.dll source: setup.exe, 00000003.00000002.2812312785.000000000040A000.00000004.00000001.01000000.00000007.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\vulkan-1.dll.pdb source: vulkan-1.dll.3.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net40/Newtonsoft.Json.pdb source: Pinball.exe, Pinball.exe, 00000006.00000002.3000073504.00000000067F2000.00000002.00000001.01000000.0000000D.sdmp, Newtonsoft.Json.dll.3.dr
Source: Binary string: libEGL.dll.pdb source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bGlue.pdbd source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\vulkan-1.dll.pdb source: vulkan-1.dll.3.dr
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdb source: Pinball.exe, Pinball.exe, 00000008.00000002.2787979524.00000000063B2000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\Pinball\swiftshader\Xilium.CefGlue.pdb source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: e:\work\newContent\secondBranch\new\Pinball\obj\Release\Pinball.pdb source: Pinball.exe, 00000006.00000000.2494820553.0000000000D12000.00000002.00000001.01000000.00000009.sdmp, Pinball.exe.3.dr
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdbSHA256 source: Pinball.exe, 00000008.00000002.2787979524.00000000063B2000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdbLK source: Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\Users\user\AppData\Roaming\Pinball\swiftshader\Xilium.CefGlue.pdb@ source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdb source: Pinball.exe, Pinball.exe, 00000008.00000002.2685490382.0000000005852000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: Xilium.CefGlue.pdb source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \swiftshaderXilium.CefGlue.pdb source: setup.exe, 00000003.00000002.2813211884.000000000061A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: setup.exe, 00000003.00000002.2813732712.0000000002877000.00000004.00000020.00020000.00000000.sdmp
Binary contains a suspicious time stamp
Source: Xilium.CefGlue.dll.3.dr Static PE information: 0xD6DBC1CA [Fri Mar 24 08:50:18 2084 UTC]
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary, 0_2_100010D0
PE file contains sections with non-standard names
Source: libEGL.dll.3.dr Static PE information: section name: .00cfg
Source: libEGL.dll.3.dr Static PE information: section name: .voltbl
Source: libGLESv2.dll.3.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.3.dr Static PE information: section name: .voltbl
Source: chrome_elf.dll.3.dr Static PE information: section name: .00cfg
Source: chrome_elf.dll.3.dr Static PE information: section name: .crthunk
Source: chrome_elf.dll.3.dr Static PE information: section name: CPADinfo
Source: chrome_elf.dll.3.dr Static PE information: section name: malloc_h
Source: libEGL.dll0.3.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll0.3.dr Static PE information: section name: .00cfg
Source: libcef.dll.3.dr Static PE information: section name: .00cfg
Source: libcef.dll.3.dr Static PE information: section name: .rodata
Source: libcef.dll.3.dr Static PE information: section name: CPADinfo
Source: libcef.dll.3.dr Static PE information: section name: malloc_h
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 6_2_067E21C0 push es; retf 6_2_067E2246
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 13_2_009330ED pushfd ; iretd 13_2_009330F2
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 15_2_014D30ED pushfd ; iretd 15_2_014D30F2
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 18_2_02ED30ED pushfd ; iretd 18_2_02ED30F2
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 24_2_009830ED pushfd ; iretd 24_2_009830F2
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 31_2_00B030ED pushfd ; iretd 31_2_00B030F2
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 35_2_009030ED pushfd ; iretd 35_2_009030F2
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Code function: 36_2_00C130ED pushfd ; iretd 36_2_00C130F2
Source: Ionic.Zip.dll.3.dr Static PE information: section name: .text entropy: 6.821349263259562
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\log4net.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\Ionic.Zip.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe File created: C:\Users\user\AppData\Local\Temp\nslCE97.tmp\INetC.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe File created: C:\Users\user\AppData\Local\Temp\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\swiftshader\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\widevinecdmadapter.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe File created: C:\Users\user\AppData\Local\Temp\nslCE97.tmp\nsProcess.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\libcef.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\huge[1].dat Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\swiftshader\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\liteFirewall.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\d3dcompiler_43.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\Uninstall.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\Del.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\chrome_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\Pinball\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Pinball Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Pinball Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process information set: NOOPENFILEERRORBOX
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2F90000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3140000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2FC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3130000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3290000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 5290000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 1630000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3210000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 5210000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 26A0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 28E0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2830000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 21F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2470000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4470000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 1770000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3310000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3260000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 930000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2410000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4410000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2A00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2D30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2A30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 11D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2D70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2B10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: D70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2880000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: D70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 1230000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2C70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4D70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2E90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3010000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 5010000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 1270000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2FA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2E10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2770000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2A00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2770000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: CC0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2600000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4600000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: F60000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 28F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 48F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2790000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2A30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2790000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 980000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 24D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4610000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 8F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2470000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4470000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2D20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2EC0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4EC0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 16F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 30C0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2FC0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2820000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2A30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4A30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 1650000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3400000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 1C10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: B00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 28B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2710000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3000000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3190000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 3000000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2C90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2E40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4E40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 29B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2B70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 4B70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 900000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2510000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2300000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: C10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 28E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 27F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 1250000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2D40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2C80000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2EA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 30B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2ED0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 2830000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 29F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: 49F0000 memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Thread delayed: delay time: 600000 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\log4net.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\Ionic.Zip.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCE97.tmp\INetC.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\swiftshader\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\widevinecdmadapter.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\libcef.dll Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCE97.tmp\nsProcess.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\swiftshader\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\liteFirewall.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\Uninstall.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\d3dcompiler_43.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\Del.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\chrome_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Pinball\libEGL.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe TID: 6880 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe TID: 5052 Thread sleep time: -120000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_00405B6F CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405B6F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_00406724 FindFirstFileA,FindClose, 0_2_00406724
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_004027AA FindFirstFileA, 0_2_004027AA
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_00405B4A CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 3_2_00405B4A
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_004066FF FindFirstFileA,FindClose, 3_2_004066FF
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 3_2_004027AA FindFirstFileA, 3_2_004027AA
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Thread delayed: delay time: 600000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Thread delayed: delay time: 120000 Jump to behavior
Source: Pinball.exe, 00000021.00000002.2896869674.0000000001257000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}&
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2829240178.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2829277192.0000000000606000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826606682.00000000005DC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000003.2826167613.00000000005CE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, 00000000.00000002.2829277192.0000000000606000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW?p
Source: Pinball.exe, 00000021.00000002.2896869674.0000000001257000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\yH
Source: Pinball.exe, 00000006.00000002.3012247116.00000000069A6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\setup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_100010D0 GetVersionExA,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,WideCharToMultiByte,lstrcmpiA,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenA,lstrcpynA,lstrcmpiA,CloseHandle,FreeLibrary, 0_2_100010D0
Enables debug privileges
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe "C:\Users\user\AppData\Roaming\Pinball\Pinball.exe"
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Process created: unknown unknown
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Newtonsoft.Json.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Users\user\AppData\Roaming\Pinball\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe Code function: 0_2_004034F1 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004034F1
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Source: C:\Users\user\AppData\Roaming\Pinball\Pinball.exe Directory queried: number of queries: 1551
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1427719 Sample: SecuriteInfo.com.Heuristic.... Startdate: 18/04/2024 Architecture: WINDOWS Score: 60 78 Antivirus detection for dropped file 2->78 80 Antivirus / Scanner detection for submitted sample 2->80 82 Machine Learning detection for dropped file 2->82 10 SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe 4 33 2->10         started        14 Pinball.exe 2->14         started        process3 dnsIp4 74 104.21.75.251 CLOUDFLARENETUS United States 10->74 64 C:\Users\user\AppData\Local\Temp\setup.exe, PE32 10->64 dropped 66 C:\Users\user\AppData\Local\...\huge[1].dat, PE32 10->66 dropped 68 C:\Users\user\AppData\Local\...\nsProcess.dll, PE32 10->68 dropped 70 C:\Users\user\AppData\Local\...\INetC.dll, PE32 10->70 dropped 16 setup.exe 9 112 10->16         started        file5 process6 file7 56 C:\Users\user\AppData\...\vulkan-1.dll, PE32 16->56 dropped 58 C:\Users\user\AppData\...\vk_swiftshader.dll, PE32 16->58 dropped 60 C:\Users\user\AppData\...\libGLESv2.dll, PE32 16->60 dropped 62 16 other files (13 malicious) 16->62 dropped 76 Antivirus detection for dropped file 16->76 20 Pinball.exe 18 8 16->20         started        signatures8 process9 dnsIp10 72 104.21.45.251 CLOUDFLARENETUS United States 20->72 84 Antivirus detection for dropped file 20->84 86 Machine Learning detection for dropped file 20->86 24 Pinball.exe 4 20->24         started        26 Pinball.exe 2 20->26         started        28 Pinball.exe 2 20->28         started        30 2 other processes 20->30 signatures11 process12 process13 32 Pinball.exe 24->32         started        34 Pinball.exe 24->34         started        36 Pinball.exe 24->36         started        38 12 other processes 24->38 process14 40 Pinball.exe 32->40         started        42 Pinball.exe 32->42         started        44 Pinball.exe 32->44         started        52 3 other processes 32->52 46 Pinball.exe 34->46         started        48 Pinball.exe 34->48         started        50 Pinball.exe 34->50         started        54 3 other processes 34->54
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.45.251
 unknown United States
13335 CLOUDFLARENETUS false
104.21.75.251
 unknown United States
13335 CLOUDFLARENETUS false