Windows Analysis Report
LEADER_Setup_2024-03-01.exe

Overview

General Information

Sample name: LEADER_Setup_2024-03-01.exe
Analysis ID: 1432219
MD5: cec0e50f9de40df587f87c062196880e
SHA1: 3493a1598d40e1895d734811fe5d3bd139c336b3
SHA256: 8a08fb3ae29464fe20a6e9cb38bdaa1a32c5ffb1812b43889f2ee6f403f7a7ad

Detection

Score: 6
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Searches for user specific document files
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files

Classification

Source: LEADER_Setup_2024-03-01.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, REMOVABLE_RUN_FROM_SWAP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Window detected: &Next >CancelThank you for choosing LEADER. This Single User Setup will automatically remove any previous version of LEADER before installing version 2024.03.01 on your computer.If you agree with the terms below click Next. Otherwise click Cancel.End-user License Agreement (EULA)LEADER(TM)-------------This End-user License Agreement (this "EULA") is a legal agreement between one or more individuals from a single company (the LICENSEE) and ABSG Consulting Inc. (ABS Consulting the LICENSOR). This EULA covers the license(s) and maintenance plan for the LEADER software and associated media and electronic/printed documentation (together comprising the "SOFTWARE PRODUCT") the LICENSEE has acquired. By installing copying or otherwise using the SOFTWARE PRODUCT or any portion thereof the LICENSEE agrees to be bound by the terms of this EULA. If the LICENSEE does not agree to the terms of this EULA the LICENSOR is unwilling to provide a License for the SOFTWARE PRODUCT to the LICENSEE. In such event the LICENSEE may not use or copy the SOFTWARE PRODUCT and the LICENSEE should promptly contact the LICENSOR for instructions on removal of the unused SOFTWARE PRODUCT for a refund.-------------SOFTWARE PRODUCT License:The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is not sold; rather a License(s) for the SOFTWARE PRODUCT is provided in perpetuity "as is."1. Grant of License. Pursuant to this EULA the LICENSOR hereby grants the LICENSEE the following rights for the number and type(s) of licenses acquired for the SOFTWARE PRODUCT. If the LICENSEE has acquired an Unlimited Corporate License of the SOFTWARE PRODUCT the LICENSEE is entitled to an unlimited number of each type of License described herein for the SOFTWARE PRODUCT.SINGLE USER LICENSESoftware. 
Each Single User License allows the SOFTWARE PRODUCT to be registered (i.e. "unlocked") on up to two LICENSEE machines for use by a specified LICENSEE employee (the User). Each machine requires a unique Registration Code in order to unlock the SOFTWARE PRODUCT.Storage/Network Use. The setup file(s) for a Single User License(s) of the SOFTWARE PRODUCT may be copied to a LICENSEE server for installation on multiple LICENSEE machines. However the LICENSEE must acquire and dedicate a Single User License for the SOFTWARE PRODUCT for each User of the SOFTWARE PRODUCT. A Single User License for the SOFTWARE PRODUCT may not be shared by multiple persons or multiple companies.Backup Copy. The LICENSEE may make unlimited copies of the SOFTWARE PRODUCT and the LICENSEE may include the SOFTWARE PRODUCT in any general system or network backups.ROVING LICENSESoftware. Each Roving License allows the SOFTWARE PRODUCT to be registered (i.e. "unlocked") on one machine (e.g. a shared laptop) via a unique Registration Code for use by one person at a time. The registration for a Roving License may be tran
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\INSTALL.LOG
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\Local\Temp\GLFC501.tmp
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\Local\Temp\~GLH0000.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: chrome.exe Memory has grown: Private usage: 14MB later: 30MB
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 23.50.115.133
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: regsvr32.exe Process created: 90
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\LEADER.MIF
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0003.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0004.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0005.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0007.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0009.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH000b.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH000d.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH000f.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0011.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0013.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\~GLH001e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH00bd.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File deleted: C:\Windows\SysWOW64\~GLH0005.TMP
Source: classification engine Classification label: clean6.winEXE@123/123@2/21
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\~GLH0002.TMP
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files (x86)\LEADER\LEADER.exe Mutant created: NULL
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Users\user\AppData\Local\Temp\GLCB916.tmp
Source: LEADER_Setup_2024-03-01.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File read: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe
Source: unknown Process created: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe "C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe"
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1944,i,14493891824629702636,3599952498152496209,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO360.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\MSMASK32.OCX" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\LeaderGrid2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ABSDI.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\OpenDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4FieldServer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ErrorLogger.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Erroneous.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4TermConvertor.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\RevalidationSetup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ProgressDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AdvMsgBox.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AutoType.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Splash.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\PTxSCP.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sstbars2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TList4.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSpell32.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex6d.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex7l.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JSBBAR16.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ViewPort6.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Softlocx5.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\mblink.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\excooltips.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HHActiveX.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\L3Conversion\Leader3Import.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerPlus.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerLite.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ActiveWizard.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\prjLOPARollup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGToolBars50.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sg20o.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VLBtnBar.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\vbalXPBG6.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\BreakTimer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGTabs40.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Jbfalls.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAETS.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAWI.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\SoftRegister.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Imports.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HRLUR.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ExportToOutline.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" C:\Windows\SysWOW64\MSCOMCTL.OCX /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\COMDLG32.OCX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Dblist32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Comct332.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Mscomct2.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Threed32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Tabctl32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Richtx32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Msstdfmt.dll
Source: unknown Process created: C:\Program Files (x86)\LEADER\LEADER.exe "C:\Program Files (x86)\LEADER\LEADER.exe"
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ActiveWizard.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\prjLOPARollup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGToolBars50.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sg20o.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VLBtnBar.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\vbalXPBG6.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\BreakTimer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGTabs40.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Jbfalls.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAETS.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAWI.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\SoftRegister.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Imports.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HRLUR.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ExportToOutline.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" C:\Windows\SysWOW64\MSCOMCTL.OCX /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\COMDLG32.OCX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Dblist32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Comct332.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Mscomct2.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Threed32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Tabctl32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Richtx32.ocx
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp "C:\Users\user\AppData\Local\Temp\GLJB936.tmp" C:\Windows\System32\Msstdfmt.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: acgenral.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: samcli.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: msacm32.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: winmmbase.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: aclayers.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: sfc.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: ismif32.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: riched32.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: cabinet.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: msvbvm60.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: msvbvm60.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: vb6zz.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: sxs.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: scrrun.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: version.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: oledlg.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: olepro32.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: textshaping.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: asycfilt.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: textinputframework.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: coremessaging.dll
Source: C:\Program Files (x86)\LEADER\LEADER.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Program Files (x86)\LEADER\LEADER.exe File written: C:\Users\user\AppData\Local\VirtualStore\Windows\netdet.ini
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Windows\SysWOW64\RICHED32.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Window detected: &Next >CancelThank you for choosing LEADER. This Single User Setup will automatically remove any previous version of LEADER before installing version 2024.03.01 on your computer.If you agree with the terms below click Next. Otherwise click Cancel.End-user License Agreement (EULA)LEADER(TM)-------------This End-user License Agreement (this "EULA") is a legal agreement between one or more individuals from a single company (the LICENSEE) and ABSG Consulting Inc. (ABS Consulting the LICENSOR). This EULA covers the license(s) and maintenance plan for the LEADER software and associated media and electronic/printed documentation (together comprising the "SOFTWARE PRODUCT") the LICENSEE has acquired. By installing copying or otherwise using the SOFTWARE PRODUCT or any portion thereof the LICENSEE agrees to be bound by the terms of this EULA. If the LICENSEE does not agree to the terms of this EULA the LICENSOR is unwilling to provide a License for the SOFTWARE PRODUCT to the LICENSEE. In such event the LICENSEE may not use or copy the SOFTWARE PRODUCT and the LICENSEE should promptly contact the LICENSOR for instructions on removal of the unused SOFTWARE PRODUCT for a refund.-------------SOFTWARE PRODUCT License:The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties as well as other intellectual property laws and treaties. The SOFTWARE PRODUCT is not sold; rather a License(s) for the SOFTWARE PRODUCT is provided in perpetuity "as is."1. Grant of License. Pursuant to this EULA the LICENSOR hereby grants the LICENSEE the following rights for the number and type(s) of licenses acquired for the SOFTWARE PRODUCT. If the LICENSEE has acquired an Unlimited Corporate License of the SOFTWARE PRODUCT the LICENSEE is entitled to an unlimited number of each type of License described herein for the SOFTWARE PRODUCT.SINGLE USER LICENSESoftware. 
Each Single User License allows the SOFTWARE PRODUCT to be registered (i.e. "unlocked") on up to two LICENSEE machines for use by a specified LICENSEE employee (the User). Each machine requires a unique Registration Code in order to unlock the SOFTWARE PRODUCT.Storage/Network Use. The setup file(s) for a Single User License(s) of the SOFTWARE PRODUCT may be copied to a LICENSEE server for installation on multiple LICENSEE machines. However the LICENSEE must acquire and dedicate a Single User License for the SOFTWARE PRODUCT for each User of the SOFTWARE PRODUCT. A Single User License for the SOFTWARE PRODUCT may not be shared by multiple persons or multiple companies.Backup Copy. The LICENSEE may make unlimited copies of the SOFTWARE PRODUCT and the LICENSEE may include the SOFTWARE PRODUCT in any general system or network backups.ROVING LICENSESoftware. Each Roving License allows the SOFTWARE PRODUCT to be registered (i.e. "unlocked") on one machine (e.g. a shared laptop) via a unique Registration Code for use by one person at a time. The registration for a Roving License may be tran
Source: LEADER_Setup_2024-03-01.exe Static file information: File size 17423501 > 1048576
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO360.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0039.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH000d.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH006e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0011.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH001c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH002a.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0004.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0022.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0038.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0048.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0030.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0056.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH005e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0005.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0070.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH006c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0013.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0036.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH003b.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH004e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH000b.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH00bd.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0007.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0024.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0054.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0069.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Users\user\AppData\Local\Temp\GLJB936.tmp
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Users\user\AppData\Local\Temp\GLCB916.tmp
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0034.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0042.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0018.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH004c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0052.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0009.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH003d.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0044.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0060.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH002e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH005a.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0026.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\~GLH0016.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH00be.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH001a.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH004a.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH000f.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0058.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0032.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0062.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH002c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0046.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH005c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0020.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH003f.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Users\user\AppData\Local\Temp\~GLH0000.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0050.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Windows\SysWOW64\~GLH0003.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\~GLH0028.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\Program Files (x86)\LEADER\Bin\INSTALL.LOG
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER Program Folder.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER Help.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEADER\LEADER User Folder.lnk
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\LEADER\LEADER.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0039.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH000d.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0011.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH006e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH002a.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH001c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0004.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0022.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0038.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0048.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0030.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0056.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH005e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0005.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0070.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH006c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0013.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH003b.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0036.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH004e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH000b.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH00bd.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0007.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0024.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0054.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0069.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0034.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GLCB916.tmp
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GLJB936.tmp
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0042.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0018.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH004c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0052.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0009.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH003d.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0060.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0044.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH002e.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH005a.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0026.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH00be.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH001a.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH004a.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH000f.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0058.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0032.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\temp.000
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0062.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH002c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0046.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH005c.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0020.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH003f.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\~GLH0000.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0050.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Windows\SysWOW64\~GLH0003.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Dropped PE file which has not been started: C:\Program Files (x86)\LEADER\Bin\~GLH0028.TMP
Source: C:\Program Files (x86)\LEADER\LEADER.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\Local\Temp\GLFC501.tmp
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\Local\Temp\~GLH0000.TMP
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\DAO360.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\MSMASK32.OCX" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\LeaderGrid2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ABSDI.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\OpenDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4FieldServer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ErrorLogger.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Erroneous.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\L4TermConvertor.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\RevalidationSetup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ProgressDialog.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AdvMsgBox.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\AutoType.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Splash.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\PTxSCP.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sstbars2.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TList4.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSpell32.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex6d.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VSFlex7l.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JSBBAR16.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ViewPort6.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Softlocx5.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\mblink.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\excooltips.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HHActiveX.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\L3Conversion\Leader3Import.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerPlus.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\TimerLite.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ActiveWizard.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\prjLOPARollup.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGToolBars50.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\sg20o.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\VLBtnBar.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\vbalXPBG6.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\BreakTimer.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\IGTabs40.ocx" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Jbfalls.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAETS.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\JBFAWI.DLL" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\SoftRegister.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\Imports.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\HRLUR.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" "C:\Program Files (x86)\LEADER\BIN\ExportToOutline.dll" /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\SysWOW64\regsvr32.exe" C:\Windows\SysWOW64\MSCOMCTL.OCX /s
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\LEADER\LEADER.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\LEADER_Setup_2024-03-01.exe Directory queried: C:\Users\Public\Documents