Windows Analysis Report
DTLite1200-2126.exe

Overview

General Information

Sample name: DTLite1200-2126.exe
Analysis ID: 1428488
MD5: 418747f6c138cef786bb250b9d8b655d
SHA1: d497cfc9b09438c152812c92931255865a7bb003
SHA256: 524786246019f9e19f329297eb933d574ebb672eebd7104b4756d2004967f6f0

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 64
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Changes security center settings (notifications, updates, antivirus, firewall)
Creates an undocumented autostart registry key
Creates files in the system32 config directory
Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
Tries to detect virtualization through RDTSC time measurements
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Enables driver privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sigma detected: Classes Autorun Keys Modification
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry

Classification

AV Detection

Source: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll Virustotal: Detection: 15%
Source: DTLite1200-2126.exe ReversingLabs: Detection: 33%
Source: DTLite1200-2126.exe Virustotal: Detection: 18%

Compliance

Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTLite.exe.config
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTAgent.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTHelper.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTLite.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTShl64.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Engine.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\imgengine.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\sptdintf.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTShl.propdesc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Profiles.ini
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTShl32.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Extractor.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\uninst.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\ARA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\CHS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\CSY.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\DEU.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\ENU.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\ESN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\FIN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\FRA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\HEB.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\HUN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\HYE.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\ITA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\JPN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\KOR.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\LVI.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\PLK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\PTB.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\PTP.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\RUS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\TRK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\UKR.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\inst
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\inst\setuphlp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\inst\sptdintf.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.inf
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.inf
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite
Source: DTLite1200-2126.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 161.35.212.100:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.160.45.150:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 3.162.93.143:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.103.80:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.103.80:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.64.145.29:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.212.100:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 161.35.212.100:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: DTLite1200-2126.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Source: Yara match File source: 00000003.00000002.2797292761.00000000085A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown DNS traffic detected: queries for: secure.disc-soft.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\SET526E.tmp
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3b4f7933-ad24-274e-9e1c-bd2fb7fb3a0d}
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_1e9e0203e659905c
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem4.inf
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\drivers\SET2EB6.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_c60bb6f964925bc7
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\drvstore.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\inf\oem5.inf
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\drivers\SET83EA.tmp
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3B179347615B32FE859CEABBE50C3EE6_26B6C6D99327AD2BC8D8227F7F6CAF3E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3B179347615B32FE859CEABBE50C3EE6_26B6C6D99327AD2BC8D8227F7F6CAF3E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D7833C286363AD25C70511661A83D581_3557B2296D2E2C94AED9D1D96EBF2B6E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7833C286363AD25C70511661A83D581_3557B2296D2E2C94AED9D1D96EBF2B6E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3538626A1FCCCA43C7E18F220BDD9B02
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3538626A1FCCCA43C7E18F220BDD9B02
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E6286BA49003BA567AB6681F1333DB4
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E6286BA49003BA567AB6681F1333DB4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe File created: C:\Windows\Microsoft.NET\ngennicupdatelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_32\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9b7df5e92f99ac776a0aafa426a0223a
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9b7df5e92f99ac776a0aafa426a0223a\System.ServiceModel.ni.dll.aux.tmp
Source: C:\Windows\System32\drvinst.exe File deleted: C:\Windows\System32\DriverStore\Temp\{3b4f7933-ad24-274e-9e1c-bd2fb7fb3a0d}\SET525.tmp
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Process token adjusted: Load Driver
Source: C:\Windows\System32\svchost.exe Process token adjusted: Security
Source: classification engine Classification label: mal80.troj.evad.winEXE@172/80@8/311
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3752:120:WilError_03
Source: C:\Windows\System32\drvinst.exe Mutant created: \BaseNamedObjects\DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{BBCE738A-D4CB-4da8-99D2-7DC90CB671EF}
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{DD0AB876-4899-42B4-BD68-0E7B03D5392F}
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5556:120:WilError_03
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Mutant created: \BaseNamedObjects\DiscSoftBusServiceMutex
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Mutant created: \Sessions\1\BaseNamedObjects\DiscSoftBusServiceMutex
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Mutant created: \BaseNamedObjects\Global\discsoft_virtual_scsi_bus_mutex_19659239224E364682FA4BAF72C53EA4
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{9c5c35e6-8462-455b-afd1-0ffcee756a74}
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Mutant created: \Sessions\1\BaseNamedObjects\MUTEX_PRODUCT
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{337AF885-2FD3-4211-B923-019538619506}
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\discsoft_virtual_scsi_bus_mutex_19659239224E364682FA4BAF72C53EA4
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:724:120:WilError_03
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\discsoft_virtual_usb_bus_mutex_19659239224E364682FA4BAF72C53EA4
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\{20BF2A7B-EC9D-4921-8E83-3B3BCB33074A}
Source: C:\Users\user\Desktop\DTLite1200-2126.exe File created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP
Source: DTLite1200-2126.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: DTLite1200-2126.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\DTLite1200-2126.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\DTLite1200-2126.exe "C:\Users\user\Desktop\DTLite1200-2126.exe"
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe "C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe"
Source: unknown Process created: C:\Users\user\Desktop\DTLite1200-2126.exe "C:\Users\user\Desktop\DTLite1200-2126.exe"
Source: unknown Process created: C:\Users\user\Desktop\DTLite1200-2126.exe "C:\Users\user\Desktop\DTLite1200-2126.exe"
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe "C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" /Service
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{343eae17-3dcd-9e48-a925-7d15f6c4544d}\dtlitescsibus.inf" "9" "47b4131af" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files\daemon tools lite"
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\SCSIADAPTER\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:f5fe8c81ebc2f07d:Install:5.29.0.0:root\dtlitescsibus," "47b4131af" "0000000000000188"
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\dtliteusbbus.inf" "9" "42e124347" "0000000000000198" "WinSta0\Default" "00000000000001A0" "208" "c:\program files\daemon tools lite"
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\USB\0000" "C:\Windows\INF\oem5.inf" "oem5.inf:f5fe8c81ebc2f07d:Install:3.6.0.0:root\dtliteusbbus," "42e124347" "0000000000000198"
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" /Service
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl32.dll"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Process created: C:\Windows\System32\conhost.exe
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{343eae17-3dcd-9e48-a925-7d15f6c4544d}\dtlitescsibus.inf" "9" "47b4131af" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files\daemon tools lite"
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\SCSIADAPTER\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:f5fe8c81ebc2f07d:Install:5.29.0.0:root\dtlitescsibus," "47b4131af" "0000000000000188"
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\dtliteusbbus.inf" "9" "42e124347" "0000000000000198" "WinSta0\Default" "00000000000001A0" "208" "c:\program files\daemon tools lite"
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\USB\0000" "C:\Windows\INF\oem5.inf" "oem5.inf:f5fe8c81ebc2f07d:Install:3.6.0.0:root\dtliteusbbus," "42e124347" "0000000000000198"
Source: unknown Process created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTLite.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 20c -Pipe 210 -Comment "NGen Worker Process"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTAgent.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1bc -InterruptEvent 0 -NGENProcess 21c -Pipe 184 -Comment "NGen Worker Process"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DiscSoft.NET.Common.dll"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 204 -Pipe 218 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2e8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 300 -Pipe 308 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 310 -Pipe 2cc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 0 -NGENProcess 36c -Pipe 30c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 374 -Pipe 378 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 390 -Pipe 39c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 33c -Pipe 358 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 37c -Pipe 394 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ac -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 390 -Pipe 3b8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3cc -Pipe 3c4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 354 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 2e4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 38c -Pipe 3b0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 36c -Pipe 2a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 2d0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3dc -Pipe 384 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3bc -Pipe 29c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 0 -NGENProcess 3f8 -Pipe 310 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 418 -Pipe 408 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 0 -NGENProcess 418 -Pipe 3d8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 420 -Pipe 41c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 414 -InterruptEvent 0 -NGENProcess 3ec -Pipe 3f8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 3e4 -Pipe 414 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 344 -Pipe 3bc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e8 -InterruptEvent 0 -NGENProcess 3ec -Pipe 338 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 404 -Pipe 2f0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 424 -Pipe 3c8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 3cc -Pipe 3d0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ec -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 36c -Pipe 404 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 36c -Pipe 370 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 40c -Pipe 424 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3f0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 328 -Pipe 40c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d4 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 36c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 0 -NGENProcess 410 -Pipe 424 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 418 -Pipe 3e4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 390 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3e8 -Pipe 364 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 428 -Pipe 3e8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2ec -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 388 -Pipe 340 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 0 -NGENProcess 434 -Pipe 428 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 0 -NGENProcess 348 -Pipe 430 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 440 -InterruptEvent 0 -NGENProcess 448 -Pipe 2b0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3c0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 43c -InterruptEvent 0 -NGENProcess 3d4 -Pipe 21c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 450 -InterruptEvent 0 -NGENProcess 434 -Pipe 44c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 454 -InterruptEvent 0 -NGENProcess 42c -Pipe 390 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 374 -Pipe 3cc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 434 -Pipe 364 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 444 -Pipe 3e0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 0 -NGENProcess 464 -Pipe 478 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 0 -NGENProcess 33c -Pipe 47c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 470 -InterruptEvent 0 -NGENProcess 494 -Pipe 3a8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 0 -NGENProcess 488 -Pipe 480 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3e8 -Pipe 364 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 428 -Pipe 3e8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2ec -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 388 -Pipe 340 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 0 -NGENProcess 434 -Pipe 428 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 0 -NGENProcess 348 -Pipe 430 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 440 -InterruptEvent 0 -NGENProcess 448 -Pipe 2b0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3c0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 300 -Pipe 308 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 43c -InterruptEvent 0 -NGENProcess 3d4 -Pipe 21c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 450 -InterruptEvent 0 -NGENProcess 434 -Pipe 44c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 454 -InterruptEvent 0 -NGENProcess 42c -Pipe 390 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 374 -Pipe 3cc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 434 -Pipe 364 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 444 -Pipe 3e0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 0 -NGENProcess 464 -Pipe 478 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 0 -NGENProcess 33c -Pipe 47c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 470 -InterruptEvent 0 -NGENProcess 494 -Pipe 3a8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 0 -NGENProcess 488 -Pipe 480 -Comment "NGen Worker Process"
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: rasman.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: msctfui.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: thumbcache.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: asycfilt.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: newdev.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: devrtl.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: moshost.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe Section loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: bcd.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: usosvc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: updatepolicy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: taskschd.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: upshared.dll
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: usocoreps.dll
Source: C:\Windows\System32\svchost.exe Section loaded: usoapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exe Section loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe Section loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exe Section loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe Section loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe Section loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe Section loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exe Section loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exe Section loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe Section loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exe Section loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe Section loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: winhttp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: msasn1.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: cryptbase.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: devrtl.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: spinf.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: drvstore.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: devobj.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: cryptsp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: rsaenh.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: gpapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: windows.storage.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: wldp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: profapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: ntmarta.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: newdev.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exe Section loaded: umpnpmgr.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cabinet.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: mpclient.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: secur32.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: sspicli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: version.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: msasn1.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: userenv.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: gpapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: amsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: wscapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: urlmon.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: iertutil.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: srvcli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: netutils.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: slc.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Section loaded: sppc.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cabinet.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devrtl.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: drvstore.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: devobj.dll
Source: C:\Windows\System32\drvinst.exe Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: netutils.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\regsvr32.exe Section loaded: wldp.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: urlmon.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: mpr.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: iertutil.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: srvcli.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: netutils.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: uxtheme.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: engine.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: sptdintf.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: windows.storage.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: wldp.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: profapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: ntmarta.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: msasn1.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: wbemcomn.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: amsi.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: userenv.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: sxs.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: winhttp.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: webio.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: mswsock.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: winnsi.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: sspicli.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: dnsapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: rasadhlp.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: schannel.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: ntasn1.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: ncrypt.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: cryptsp.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: rsaenh.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: cryptbase.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: gpapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Section loaded: dpapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: winhttp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: msasn1.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: cryptbase.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: iphlpapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: devrtl.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: spinf.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: drvstore.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: devobj.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: cryptsp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: rsaenh.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: gpapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: cryptnet.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: profapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: winnsi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: mswsock.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: webio.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: sspicli.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: dnsapi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: rasadhlp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: windows.storage.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: wldp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: wbemcomn.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: amsi.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: userenv.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: napinsp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: pnrpnsp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: wshbth.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File written: C:\ProgramData\Disc-Soft\DAEMON Tools Lite\settings.ini
Source: C:\Users\user\Desktop\DTLite1200-2126.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTLite.exe.config
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTAgent.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTHelper.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTLite.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTShl64.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Engine.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\imgengine.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\sptdintf.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTShl.propdesc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Profiles.ini
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\DTShl32.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\Extractor.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\uninst.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\ARA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\CHS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\CSY.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\DEU.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\ENU.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\ESN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\FIN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\FRA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\HEB.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\HUN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\HYE.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\ITA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\JPN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\KOR.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\LVI.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\PLK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\PTB.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\PTP.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\RUS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\TRK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\lang\UKR.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\inst
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\inst\setuphlp.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\inst\sptdintf.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Directory created: C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.inf
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.inf
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite
Source: DTLite1200-2126.exe Static PE information: certificate valid
Source: DTLite1200-2126.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: DTLite1200-2126.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: DTLite1200-2126.exe Static file information: File size 49105232 > 1048576
Source: DTLite1200-2126.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x2eb4800
Source: DTLite1200-2126.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: DTLite1200-2126.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: DTLite1200-2126.exe Static PE information: 0xE8495B15 [Mon Jun 29 13:45:57 2093 UTC]
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl32.dll"

Persistence and Installation Behavior

Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3B179347615B32FE859CEABBE50C3EE6_26B6C6D99327AD2BC8D8227F7F6CAF3E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3B179347615B32FE859CEABBE50C3EE6_26B6C6D99327AD2BC8D8227F7F6CAF3E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D7833C286363AD25C70511661A83D581_3557B2296D2E2C94AED9D1D96EBF2B6E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7833C286363AD25C70511661A83D581_3557B2296D2E2C94AED9D1D96EBF2B6E
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3538626A1FCCCA43C7E18F220BDD9B02
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3538626A1FCCCA43C7E18F220BDD9B02
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E6286BA49003BA567AB6681F1333DB4
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E6286BA49003BA567AB6681F1333DB4
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\uninst.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTP.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\FIN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\UKR.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\CSY.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\KOR.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTShl64.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\FRA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\RUS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\sptdintf.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\setuphlp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe File created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ITA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\LVI.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTAgent.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\Engine.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DEU.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ESN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\JPN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\Extractor.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTHelper.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\CHS.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File created: C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1574-0\System.Data.Entity.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HYE.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\BrightVPNResources\setup.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\TRK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\imgengine.dll
Source: C:\Users\user\Desktop\DTLite1200-2126.exe File created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTB.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTShl32.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\7z.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HEB.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTLite.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HUN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\sptdintf.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ARA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ENU.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PLK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dll

Boot Survival

Source: C:\Windows\SysWOW64\regsvr32.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\DaemonShellExtImageLite NULL
Source: C:\Windows\System32\regsvr32.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\DaemonShellExtImageLite NULL
Source: C:\Windows\System32\drvinst.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dtlitescsibus
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DAEMON Tools Lite Automount
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C Blob
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB5892A second address: 6AB58940 instructions: 0x00000000 rdtsc 0x00000002 xchg al, cl 0x00000004 mov edx, dword ptr [6AA85934h] 0x0000000a lahf 0x0000000b mov al, bh 0x0000000d mov dword ptr [ebp-00000124h], edx 0x00000013 setp cl 0x00000016 rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B6950A77Fh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B694FE2E9h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B69542A23h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB66E35 second address: 6AB66E4D instructions: 0x00000000 rdtsc 0x00000002 neg ax 0x00000005 popfd 0x00000006 movsx esi, si 0x00000009 mov ecx, 11E344FBh 0x0000000e pop ebx 0x0000000f pop ecx 0x00000010 mov dl, 0Ah 0x00000012 pop edi 0x00000013 pop ebp 0x00000014 cmovbe dx, si 0x00000018 rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB8BEC4 second address: 6AB8BED1 instructions: 0x00000000 rdtsc 0x00000002 cbw 0x00000004 movsx esi, dx 0x00000007 pop ebx 0x00000008 mov esi, 69CB75D0h 0x0000000d rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB8BED1 second address: 6AB8BEE1 instructions: 0x00000000 rdtsc 0x00000002 not dx 0x00000005 pop ecx 0x00000006 xchg dx, bp 0x00000009 movzx edi, bx 0x0000000c pop edi 0x0000000d xchg eax, edx 0x0000000e pop ebp 0x0000000f cwde 0x00000010 rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B686BB99Fh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B686AF509h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B686F3C43h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB29F07 second address: 6AB29F1B instructions: 0x00000000 rdtsc 0x00000002 push 00000010h 0x00000004 lahf 0x00000005 cbw 0x00000007 mov cx, bp 0x0000000a lea eax, dword ptr [ebp-20h] 0x0000000d mov dl, dl 0x0000000f cdq 0x00000010 movzx edx, bx 0x00000013 push eax 0x00000014 rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB29F1B second address: 6AB29F29 instructions: 0x00000000 rdtsc 0x00000002 setbe ch 0x00000005 push 00000012h 0x00000007 xchg dh, dh 0x00000009 cwde 0x0000000a mov ecx, dword ptr [ebp-80h] 0x0000000d lahf 0x0000000e rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB83164 second address: 6AB82F85 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, byte ptr [ebp-0Dh] 0x00000006 movsx ecx, bx 0x00000009 push eax 0x0000000a cdq 0x0000000b mov eax, eax 0x0000000d movsx ax, dh 0x00000011 push 0000003Bh 0x00000013 bswap ax 0x00000016 movzx eax, si 0x00000019 mov ecx, dword ptr [ebp-40h] 0x0000001c mov edx, dword ptr [ecx] 0x0000001e mov ecx, dword ptr [ebp-40h] 0x00000021 bswap eax 0x00000023 movzx eax, di 0x00000026 not ah 0x00000028 mov eax, dword ptr [edx+1Ch] 0x0000002b jmp 00007F2B686A2609h 0x00000030 call eax 0x00000032 jmp 00007F2B689E2049h 0x00000037 push ebp 0x00000038 cwd 0x0000003a mov ebp, esp 0x0000003c movzx dx, ch 0x00000040 push ecx 0x00000041 cbw 0x00000043 mov dword ptr [ebp-04h], ecx 0x00000046 lahf 0x00000047 bswap eax 0x00000049 push 00000001h 0x0000004b lea eax, dword ptr [ebp+0Ch] 0x0000004e push eax 0x0000004f movsx dx, al 0x00000053 rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B686BDD5Fh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B686B18C9h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B686F6003h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB83164 second address: 6AB82F85 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, byte ptr [ebp-0Dh] 0x00000006 movsx ecx, bx 0x00000009 push eax 0x0000000a cdq 0x0000000b mov eax, eax 0x0000000d movsx ax, dh 0x00000011 push 0000003Bh 0x00000013 bswap ax 0x00000016 movzx eax, si 0x00000019 mov ecx, dword ptr [ebp-40h] 0x0000001c mov edx, dword ptr [ecx] 0x0000001e mov ecx, dword ptr [ebp-40h] 0x00000021 bswap eax 0x00000023 movzx eax, di 0x00000026 not ah 0x00000028 mov eax, dword ptr [edx+1Ch] 0x0000002b jmp 00007F2B686A49C9h 0x00000030 call eax 0x00000032 jmp 00007F2B689E4409h 0x00000037 push ebp 0x00000038 cwd 0x0000003a mov ebp, esp 0x0000003c movzx dx, ch 0x00000040 push ecx 0x00000041 cbw 0x00000043 mov dword ptr [ebp-04h], ecx 0x00000046 lahf 0x00000047 bswap eax 0x00000049 push 00000001h 0x0000004b lea eax, dword ptr [ebp+0Ch] 0x0000004e push eax 0x0000004f movsx dx, al 0x00000053 rdtsc
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe RDTSC instruction interceptor: First address: 7FF772A89669 second address: 7FF772A896C3 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 mov eax, dword ptr [esp+38h] 0x00000007 rcr si, 006Dh 0x0000000b inc eax 0x0000000c and dh, 00000037h 0x0000000f or di, 7304h 0x00000014 mov ecx, dword ptr [esp+000001B8h] 0x0000001b sar si, 0035h 0x0000001f mov dword ptr [eax], ecx 0x00000021 adc dx, 40E2h 0x00000026 dec eax 0x00000027 cmp esp, eax 0x00000029 dec eax 0x0000002a mov eax, dword ptr [esp+38h] 0x0000002e stc 0x0000002f bt si, FF81h 0x00000034 dec eax 0x00000035 sub edi, 13141010h 0x0000003b dec eax 0x0000003c add eax, 04h 0x0000003f dec eax 0x00000040 mov edi, eax 0x00000042 dec eax 0x00000043 cmove esi, esi 0x00000046 dec eax 0x00000047 mov esi, dword ptr [esp+48h] 0x0000004b dec eax 0x0000004c mov ecx, dword ptr [esp+58h] 0x00000050 rep movsb 0x00000052 rep movsb 0x00000054 rep movsb 0x00000056 rep movsb 0x00000058 rep movsb 0x0000005a rep movsb 0x0000005c rep movsb 0x0000005e rep movsb 0x00000060 rep movsb 0x00000062 rep movsb 0x00000064 rep movsb 0x00000066 rep movsb 0x00000068 rep movsb 0x0000006a rep movsb 0x0000006c rep movsb 0x0000006e rep movsb 0x00000070 rep movsb 0x00000072 rep movsb 0x00000074 rep movsb 0x00000076 rep movsb 0x00000078 rep movsb 0x0000007a rep movsb 0x0000007c rep movsb 0x0000007e rep movsb 0x00000080 rep movsb 0x00000082 rep movsb 0x00000084 rep movsb 0x00000086 rep movsb 0x00000088 mov di, sp 0x0000008b inc cx 0x0000008d movsx eax, cl 0x00000090 rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B692BBEAFh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B692AFA19h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B692F4153h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB83164 second address: 6AB82F85 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, byte ptr [ebp-0Dh] 0x00000006 movsx ecx, bx 0x00000009 push eax 0x0000000a cdq 0x0000000b mov eax, eax 0x0000000d movsx ax, dh 0x00000011 push 0000003Bh 0x00000013 bswap ax 0x00000016 movzx eax, si 0x00000019 mov ecx, dword ptr [ebp-40h] 0x0000001c mov edx, dword ptr [ecx] 0x0000001e mov ecx, dword ptr [ebp-40h] 0x00000021 bswap eax 0x00000023 movzx eax, di 0x00000026 not ah 0x00000028 mov eax, dword ptr [edx+1Ch] 0x0000002b jmp 00007F2B692A2B19h 0x00000030 call eax 0x00000032 jmp 00007F2B695E2559h 0x00000037 push ebp 0x00000038 cwd 0x0000003a mov ebp, esp 0x0000003c movzx dx, ch 0x00000040 push ecx 0x00000041 cbw 0x00000043 mov dword ptr [ebp-04h], ecx 0x00000046 lahf 0x00000047 bswap eax 0x00000049 push 00000001h 0x0000004b lea eax, dword ptr [ebp+0Ch] 0x0000004e push eax 0x0000004f movsx dx, al 0x00000053 rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B695BF7AFh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B695B3319h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B695F7A53h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB83164 second address: 6AB82F85 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, byte ptr [ebp-0Dh] 0x00000006 movsx ecx, bx 0x00000009 push eax 0x0000000a cdq 0x0000000b mov eax, eax 0x0000000d movsx ax, dh 0x00000011 push 0000003Bh 0x00000013 bswap ax 0x00000016 movzx eax, si 0x00000019 mov ecx, dword ptr [ebp-40h] 0x0000001c mov edx, dword ptr [ecx] 0x0000001e mov ecx, dword ptr [ebp-40h] 0x00000021 bswap eax 0x00000023 movzx eax, di 0x00000026 not ah 0x00000028 mov eax, dword ptr [edx+1Ch] 0x0000002b jmp 00007F2B695A6419h 0x00000030 call eax 0x00000032 jmp 00007F2B698E5E59h 0x00000037 push ebp 0x00000038 cwd 0x0000003a mov ebp, esp 0x0000003c movzx dx, ch 0x00000040 push ecx 0x00000041 cbw 0x00000043 mov dword ptr [ebp-04h], ecx 0x00000046 lahf 0x00000047 bswap eax 0x00000049 push 00000001h 0x0000004b lea eax, dword ptr [ebp+0Ch] 0x0000004e push eax 0x0000004f movsx dx, al 0x00000053 rdtsc
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: 25668880000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: 25668AD0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 39C0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 5470000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 5320000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: 290DC600000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: 290F6010000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 12C60000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 11200000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 16410000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 17410000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 17C40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 13C60000 memory reserve | memory write watch
Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599890
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599779
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599667
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599555
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599443
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599316
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599190
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599062
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598950
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598838
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598726
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598614
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598486
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 597448
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 597337
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Window / User API: threadDelayed 9123
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Window / User API: threadDelayed 607
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\uninst.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTP.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\FIN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\UKR.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\CSY.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\KOR.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTShl64.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\FRA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\RUS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\sptdintf.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\setuphlp.dll
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ITA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\LVI.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTAgent.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Engine.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DEU.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ESN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\JPN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Extractor.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTHelper.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\CHS.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1574-0\System.Data.Entity.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HYE.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BrightVPNResources\setup.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\TRK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\imgengine.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTB.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTShl32.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\7z.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HEB.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTLite.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HUN.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\sptdintf.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ARA.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ENU.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PLK.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dll
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Registry key enumerated: More than 207 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Desktop\DTLite1200-2126.exe TID: 5768 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6376 Thread sleep count: 9123 > 30
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6376 Thread sleep count: 607 > 30
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599890s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599779s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599667s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599555s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599443s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599316s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599190s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599062s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598950s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598838s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598726s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598614s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598486s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -597448s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -597337s >= -30000s
Source: C:\Users\user\Desktop\DTLite1200-2126.exe TID: 6896 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 4884 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe TID: 2332 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 3652 Thread sleep time: -120000s >= -30000s
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 5760 Thread sleep count: 116 > 30
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 4152 Thread sleep count: 112 > 30
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 4152 Thread sleep count: 201 > 30
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 5760 Thread sleep count: 234 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 640 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599890
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599779
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599667
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599555
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599443
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599316
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599190
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599062
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598950
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598838
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598726
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598614
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598486
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 597448
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 597337
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe "C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" /Service
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl32.dll"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTLite.exe"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTAgent.exe"
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DiscSoft.NET.Common.dll"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 204 -Pipe 218 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2e8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 300 -Pipe 308 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 310 -Pipe 2cc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 0 -NGENProcess 36c -Pipe 30c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 374 -Pipe 378 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 390 -Pipe 39c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 33c -Pipe 358 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 37c -Pipe 394 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ac -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 390 -Pipe 3b8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3cc -Pipe 3c4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 354 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 2e4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 38c -Pipe 3b0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 36c -Pipe 2a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 2d0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3dc -Pipe 384 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3bc -Pipe 29c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 0 -NGENProcess 3f8 -Pipe 310 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 418 -Pipe 408 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 0 -NGENProcess 418 -Pipe 3d8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 420 -Pipe 41c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 414 -InterruptEvent 0 -NGENProcess 3ec -Pipe 3f8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 3e4 -Pipe 414 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 344 -Pipe 3bc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e8 -InterruptEvent 0 -NGENProcess 3ec -Pipe 338 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 404 -Pipe 2f0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 424 -Pipe 3c8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 3cc -Pipe 3d0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ec -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 36c -Pipe 404 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 36c -Pipe 370 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 40c -Pipe 424 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3f0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 328 -Pipe 40c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d4 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 36c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 0 -NGENProcess 410 -Pipe 424 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 418 -Pipe 3e4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 390 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3e8 -Pipe 364 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 428 -Pipe 3e8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2ec -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 388 -Pipe 340 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 0 -NGENProcess 434 -Pipe 428 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 0 -NGENProcess 348 -Pipe 430 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 440 -InterruptEvent 0 -NGENProcess 448 -Pipe 2b0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3c0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 43c -InterruptEvent 0 -NGENProcess 3d4 -Pipe 21c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 450 -InterruptEvent 0 -NGENProcess 434 -Pipe 44c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 454 -InterruptEvent 0 -NGENProcess 42c -Pipe 390 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 374 -Pipe 3cc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 434 -Pipe 364 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 444 -Pipe 3e0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 0 -NGENProcess 464 -Pipe 478 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 0 -NGENProcess 33c -Pipe 47c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 470 -InterruptEvent 0 -NGENProcess 494 -Pipe 3a8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 0 -NGENProcess 488 -Pipe 480 -Comment "NGen Worker Process"
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Queries volume information: C:\Users\user\Desktop\DTLite1200-2126.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C: VolumeInformation
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Queries volume information: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat VolumeInformation
Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Queries volume information: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{3b4f7933-ad24-274e-9e1c-bd2fb7fb3a0d}\dtlitescsibus.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{19e10466-1d86-6948-b0b6-34b8099bfaec}\dtliteusbbus.cat VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\Desktop\DTLite1200-2126.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Program Files\Windows Defender\MpCmdRun.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct