Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Yoranis Setup.exe

Overview

General Information

Sample name:Yoranis Setup.exe
Analysis ID:1584251
MD5:b3cbd672cb20b2112488d26a6b325e69
SHA1:c752f280a123a30177ba1e17d770bead2c0644a9
SHA256:9bdec941d05ba0c0f365e2198600914d6001745cf554b8e6673d5045b7f6205d
Tags:exeuser-JaffaCakes118
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
AI detected suspicious sample
Drops large PE files
Excessive usage of taskkill to terminate processes
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64
  • Yoranis Setup.exe (PID: 5816 cmdline: "C:\Users\user\Desktop\Yoranis Setup.exe" MD5: B3CBD672CB20B2112488D26A6B325E69)
    • cmd.exe (PID: 4908 cmdline: "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2488 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 4600 cmdline: "C:\Windows\system32\find.exe" "YoransSetup.exe" MD5: 15B158BC998EEF74CFDD27C44978AEA0)
  • YoransSetup.exe (PID: 5324 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 3104 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6584 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • YoransSetup.exe (PID: 6836 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 7060 cmdline: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • curl.exe (PID: 1732 cmdline: curl http://api.ipify.org/ --ssl-no-revoke MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
    • cmd.exe (PID: 2792 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 5772 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • YoransSetup.exe (PID: 2688 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 4828 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 4432 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • find.exe (PID: 6488 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
    • cmd.exe (PID: 6204 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 1856 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • cmd.exe (PID: 1712 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3104 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 2536 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 4432 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3608 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6956 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1432 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5844 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6400 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7224 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3104 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7320 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6204 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7840 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7180 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7248 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7788 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7240 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8000 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7280 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7944 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7328 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7920 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7352 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7864 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7360 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7852 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7368 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8100 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7388 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7968 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7396 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7952 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7504 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7976 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7568 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7896 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7576 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7984 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7936 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7616 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7888 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6952 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7236 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2448 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 5844 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6608 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7208 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7272 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8108 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3452 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7844 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6584 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8048 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7604 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 6488 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2324 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8028 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8060 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7800 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7760 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7856 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7588 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7652 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8020 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7888 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3408 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7592 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7972 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7912 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8116 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7240 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • chrome.exe (PID: 8052 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • cmd.exe (PID: 7268 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7436 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8036 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7780 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8100 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7608 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7408 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5816 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6204 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7360 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7220 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • dllhost.exe (PID: 2448 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
    • msedge.exe (PID: 5436 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 6940 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2112 --field-trial-handle=1984,i,3389205332898887649,4173586543709646972,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • backgroundTaskHost.exe (PID: 7396 cmdline: "C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider MD5: DA7063B17DBB8BBB3015351016868006)
    • cmd.exe (PID: 8136 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7944 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7344 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7904 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7632 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2836 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7956 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 3760 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8128 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7272 cmdline: taskkill /IM Steam.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1820 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7832 cmdline: taskkill /IM javaw.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2472 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5468 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7332 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7232 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 5724 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7388 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7240 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7836 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7772 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7760 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7212 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Browser Started with Remote Debugging
Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe, ParentProcessId: 5324, ParentProcessName: YoransSetup.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, ProcessId: 8052, ProcessName: chrome.exe
Sigma detected: Usage Of Web Request Commands And Cmdlets
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe, ParentProcessId: 5324, ParentProcessName: YoransSetup.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", ProcessId: 7060, ProcessName: cmd.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1712, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 3104, ProcessName: powershell.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 84.1% probability
Source: Yoranis Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Yoranis Setup.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4a0680f-9ee1-57b1-adfd-e68812be32d6Jump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txtJump to behavior
Source: Yoranis Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCMT.AMD64.PDB source: Yoranis Setup.exe, 00000000.00000003.1934907956.0000000005FF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1872786906.000000000506F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\electron.exe.pdb source: Yoranis Setup.exe, 00000000.00000003.1859194180.00000000066A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1884656243.0000000005069000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\node-sqlite3\node-sqlite3\build\Release\node_sqlite3.pdb source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\win-version-info\win-version-info\build\Release\VersionInfo.pdb source: Yoranis Setup.exe, 00000000.00000003.1945320349.000000000566A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCPMT.AMD64.PDB source: Yoranis Setup.exe, 00000000.00000003.1934907956.0000000005FF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1885877191.0000000005F22000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\localesJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-jsJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpackedJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modulesJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resourcesJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\buildJump to behavior
Source: Joe Sandbox ViewIP Address: 143.244.215.221 143.244.215.221
Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: api.ipify.orgUser-Agent: curl/7.83.1Accept: */*
Source: global trafficDNS traffic detected: DNS query: api.ipify.org
Source: global trafficDNS traffic detected: DNS query: api.iwannaeatcats.com
Source: global trafficDNS traffic detected: DNS query: api.gofile.io
Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global trafficDNS traffic detected: DNS query: file.io
Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://10.0.0.1/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://10.0.0.1:1337/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://10.0.0.1:80/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://10.0.0.2/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://10.0.0.2:1337/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://10.0.0.2:80/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1/32
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://a.b.example
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me/)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue5752
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.000000000748D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gd_intermediate.crt0
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.000000000748D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://certificates.godaddy.com/repository100.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/chromium/issues/detail?id=76293
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000072A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/issues/detail?id=122
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/wiki/GypLanguageSpecification
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000072A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000072A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.000000000748D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.godaddy.com/gds1-20
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://debuggable.com/)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dominictarr.com)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://example.no
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://example.sub
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/commonnode-set..
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freedesktop.org
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/troygoode/)
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxon
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://icl.com/saxonorg.apache.xalan.xslt.extensions.RedirectxsltDocumentElem:
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://indigounited.com)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://istanbul-js.org/
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://marijnhaverbeke.nl/git/acorn
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://maxao.free.fr/xcode-plugin-interface/specifications.html
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://n8.io/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://n8.io/)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://no.sub.example
Source: Yoranis Setup.exe, 00000000.00000002.1994380140.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Yoranis Setup.exe, 00000000.00000000.1668105514.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.000000000748D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.godaddy.com/0J
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://re-becca.org/)
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.000000000748D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s..
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/a/62888/10333
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/37519828
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sub.example
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sub.example:1337
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sub.example:80
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tootallnate.net)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://travis-ci.org/troygoode/node-require-directory)
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tukaani.org/xz/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://unexpected.proxy
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.exodus.io)
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.futurealoof.com)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.webrtc.org
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://x.prefexample
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zlib.net/
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/gyp/issues/detail?id=530
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3056
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=4118
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: Yoranis Setup.exe, 00000000.00000003.1925582048.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=am&category=theme81https://myactivity.google.com/myactivity/?u
Source: Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=cs&category=theme81https://myactivity.google.com/myactivity/?u
Source: Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: Yoranis Setup.exe, 00000000.00000003.1928149958.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1925582048.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1929896230.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926437841.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1925615602.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928365141.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1929233631.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1933497964.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928788246.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926980686.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926765925.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#clear
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#table
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coveralls.io/github/JoshGlazebrook/smart-buffer?branch=master)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coveralls.io/repos/github/JoshGlazebrook/smart-buffer/badge.svg?branch=master)
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1429681
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119..
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/v8/7848
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7231#section-6.4
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/html/rfc7238
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.apple.com/download/more/
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/service_workers/events/
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/service_workers/events/Script
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/PerformanceResourceTiming
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/includes
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.developer.apple.com/Developer_Tools/Command_Line_Tools_for_Xcode_11.5/Command_Line_
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunk
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://encoding.spec.whatwg.org/#encode-and-flush
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://eslint.org/docs/rules/no-buffer-constructor)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://feross.org
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://feross.org/opensource
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://feross.org/support
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fetch.spec.whatwg.org/
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fetch.spec.whatwg.org/#fetch-timing-info
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ChALkeR
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ChALkeR/safer-buffer.git
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Cyan4973/xxHash
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/smart-buffer.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/smart-buffer/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks#api-reference)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/JoshGlazebrook/socks/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/MeriemKhelifi)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RABEHAJA-STEVENS)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Rob--W/proxy-from-env#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/Rob--W/proxy-from-env.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RyanZim/universalify#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/RyanZim/universalify.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/node-socks-proxy-agent#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TooTallNate/util-deprecate
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/TroyGoode)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WICG/scheduling-apis
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebAssembly/esm-integration/issues/42
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/WebBluetoothCG/web-bluetooth/blob/main/implementation-status.md
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn.git
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn/issues
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alexei)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alexei/sprintf.js.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/alograg)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/andrasq)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/andrewrk/node-mv/blob/master/package.json
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/arose)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/beck)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/bitinn/node-fetch
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args.git
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/supports-color
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer).
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/daurnimator)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/denoland/deno
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/denoland/deno/blob/main/LICENSE.md.
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/denoland/deno/blob/v1.29.1/ext/crypto/00_crypto.js#L195
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/rc.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/varstruct
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/varstruct.git
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/seco-file#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/seco-file.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/secure-container#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/exodusmovement/secure-container.git
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/zstd
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/safe-buffer
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/simple-concat
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/feross/simple-get
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/fredludlow)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giann)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/woff2
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/xnnpack
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-status
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/gpuweb/gpuweb/wiki/Implementation-Status#implementation-statusFailed
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/promise-inflight#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/promise-inflight.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/unique-filename
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/unique-filename.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/wide-align
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/color-support.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minipass-fetch)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/minipass.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/node-tar.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/johnnyshields)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyeecheung/node-dep-codemod#dep005)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jprichardson/node-fs-extra/pull/141
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jsdom/webidl-conversions
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jsdom/webidl-conversions/blob/master/LICENSE.md.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/lgeiger/node-abi/issues/54
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/litmit)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/pump
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/marob)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mikeal/tunnel-agent
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla/sweet.js/wiki/design
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mrvisser)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/msimerson)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nazar-pc)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/node4good/windows-autoconf
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/Release#release-schedule)).
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/TSC/blob/master/Moderation-Policy.md
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next/archive/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-macos
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-windows
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1779
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1861
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1927
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/raw/master/macOS_Catalina_acid_test.sh
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/c8a04049/lib/internal/errors.js
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/master/CODE_OF_CONDUCT.md
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/v10.8.0/lib/internal/errors.js
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/34532
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/39758
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: Yoranis Setup.exe, 00000000.00000003.1940263446.000000000566A000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1944136948.000000000566A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/27791
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/43714
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/46161
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/string_decoder
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/cacache
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/cli/blob/4c65cd952bc8627811735bea76b9b110cc4fc80e/lib/utils/ansi-trim.js
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/make-fetch-happen
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/minipass-fetch.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/move-file
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-semver.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/blob/51b6627a1f357d2eb433e7378e5f05e83b7aa6cd/lib/header.js#L349
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/issues/183
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/pull/187
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/nopt.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/npmlog.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/ssri
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ohler/ert
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/oliversalzburg)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pigulla)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ppollono)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/node-gyp-build
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/node-gyp-build.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/prebuild-install
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/prebuild-install.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/rebeccapeltz)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/feross
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/isaacs
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/sindresorhus
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/stingstrom)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tapjs/signal-exit
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tapjs/signal-exit.git
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tim-kos/node-retry
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/timgates42)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/troygoode/node-require-directory/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-coff
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-machine-type
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-machine-type-descriptor
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-signature
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-signature-offset
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/win-detect-browsers
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/wodka)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/set-blocking#readme
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/set-blocking.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs#supported-nodejs-versions
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs-parser#supported-nodejs-versions
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs.git
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/zkochan/packages/tree/main/which-pm-runs
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/zkochan/packages/tree/main/which-pm-runs#readme
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1859194180.00000000066A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/EuHzyv
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/rStTGz
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/t5IS6M).
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hackerone.com/reports/541502
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hsivonen.fi/encoding-menu/
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jimmy.warting.se/opensource
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://no-color.org/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/require-directory.png?downloads=true&stars=true)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/require-directory/)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/smart-buffer.png?downloads=true&downloadRank=true&stars=true
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000072A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.18.0/node-v18.18.0-headers.tar.gz
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000072A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.18.0/node-v18.18.0.tar.gz
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000072A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.18.0/node-v18.18.0.tar.gzhttps://nodejs.org/download/release
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000072A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.18.0/win-x64/node.lib
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npm.im/$
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npmjs.org/package/require-directory))
Source: Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.com
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ponyfill.com/)
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://robwu.nl/)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://secure.travis-ci.org/troygoode/node-require-directory.png)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://semver.org/
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: Yoranis Setup.exe, 00000000.00000003.1766629905.0000000005C60000.00000004.00001000.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1881252136.0000000005066000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://streams.spec.whatwg.org/#example-manual-write-with-backpressure
Source: Yoranis Setup.exe, 00000000.00000003.1926405713.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928149958.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1925582048.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1929896230.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926437841.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928405930.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928365141.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1929233631.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1933497964.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928788246.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926980686.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926765925.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1927526192.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: Yoranis Setup.exe, 00000000.00000003.1926405713.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928149958.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1925582048.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1929896230.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926437841.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1925835536.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928405930.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1925615602.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928365141.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1929233631.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1933497964.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928788246.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926980686.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1928844904.0000000005F2F000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1926765925.0000000002B44000.00000004.00000020.00020000.00000000.sdmp, Yoranis Setup.exe, 00000000.00000003.1927526192.0000000002B44000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#eqn-modulo
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassContents
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassIntersection
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassSetCharacter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassSetExpression
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassSetOperand
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassSetRange
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassSetReservedDoublePunctuator
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassSetReservedPunctuator
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassSetSyntaxCharacter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassString
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassStringDisjunction
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassStringDisjunctionContents
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassSubtraction
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-ClassUnion
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-NestedClass
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#prod-NonEmptyClassString
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: Yoranis Setup.exe, 00000000.00000003.1944136948.000000000566A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-defineownproperty-p-de
Source: Yoranis Setup.exe, 00000000.00000003.1944136948.000000000566A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getownproperty-p
Source: Yoranis Setup.exe, 00000000.00000003.1944136948.000000000566A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-getprototypeof
Source: Yoranis Setup.exe, 00000000.00000003.1944136948.000000000566A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-proxy-object-internal-methods-and-internal-slots-ownpropertykeys
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-tonumber
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/security).
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc1928#section-3
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://travis-ci.org/JoshGlazebrook/smart-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://travis-ci.org/JoshGlazebrook/smart-buffer.svg?branch=master)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/intent/user?screen_name=troygoode)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://unpkg.com/cliui
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://unpkg.com/yargs-parser
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dom-performance-setresourcetimingbuffersize
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webcrypto/#SubtleCrypto-method-wrapKey
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webcrypto/#algorithm-normalization-normalize-an-algorithm
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webassembly.github.io/spec/web-api
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-converttoint
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#abstract-opdef-integerpart
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-DOMString
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5093566007214080
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5093566007214080ErrorEventInit
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5644273861001216.
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.0000000007591000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5682658461876224.
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-alloc)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-from)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safe-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safer-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/wrap-ansi
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.patreon.com/feross
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8288.html#section-3
Source: Yoranis Setup.exe, 00000000.00000003.1859760956.0000000006EA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yargs.js.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405461
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000073EE000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_c3360627-3
Source: conhost.exeProcess created: 61
Source: cmd.exeProcess created: 108

System Summary

barindex
Drops large PE files
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile dump: YoransSetup.exe.0.dr 173936640Jump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile dump: YoransSetup.exe0.0.dr 173936640Jump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_00406B150_2_00406B15
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_004072EC0_2_004072EC
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_00404C9E0_2_00404C9E
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess token adjusted: SecurityJump to behavior
Source: YoransSetup.exe0.0.drStatic PE information: Number of sections : 15 > 10
Source: vulkan-1.dll0.0.drStatic PE information: Number of sections : 11 > 10
Source: libEGL.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll0.0.drStatic PE information: Number of sections : 11 > 10
Source: dxcompiler.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.drStatic PE information: Number of sections : 11 > 10
Source: dxcompiler.dll0.0.drStatic PE information: Number of sections : 11 > 10
Source: libEGL.dll0.0.drStatic PE information: Number of sections : 11 > 10
Source: YoransSetup.exe.0.drStatic PE information: Number of sections : 15 > 10
Source: Yoranis Setup.exe, 00000000.00000003.1771495959.0000000005C46000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1879569917.0000000005066000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1884656243.0000000005069000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevk_swiftshader.dll, vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1864904434.000000000506D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1859507641.0000000006AA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename8 vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.1887263161.0000000005068000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename8 vs Yoranis Setup.exe
Source: Yoranis Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: // did the user specify their own .sln file?
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: * On Windows, find the first build/*.sln file.
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: glob('build/*.sln', function (err, files) {
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: return path.extname(arg) === '.sln'
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: print('Usage: %s "c:\\path\\to\\project.sln"' % sys.argv[0])
Source: Yoranis Setup.exe, 00000000.00000003.1765766739.0000000005760000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: return callback(new Error('Could not find *.sln file. Did you run "configure"?'))
Source: classification engineClassification label: mal76.troj.spyw.evad.winEXE@318/418@13/8
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404722
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_00402104 CoCreateInstance,0_2_00402104
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8012:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7336:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7420:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7624:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4948:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7676:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8036:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1184:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7212:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7388:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7632:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7360:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7892:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7644:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4124:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3736:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7248:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7576:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7172:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6184:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5184:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4556:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7296:120:WilError_03
Source: C:\Users\user\Desktop\Yoranis Setup.exeMutant created: \Sessions\1\BaseNamedObjects\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7680:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1352:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6940:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7584:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7608:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7868:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8152:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7404:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7192:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7772:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7456:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3796:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6212:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8072:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6180:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7428:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7412:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2448:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7400:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7280:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6280:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7876:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5436:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7344:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6548:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4628:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7752:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5856:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7300:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8108:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7764:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8040:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7380:120:WilError_03
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsu7E06.tmpJump to behavior
Source: Yoranis Setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Yoranis Setup.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'YORANSSETUP.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\find.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "javaw.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.00000000074F7000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile read: C:\Users\user\Desktop\Yoranis Setup.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Yoranis Setup.exe "C:\Users\user\Desktop\Yoranis Setup.exe"
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2112 --field-trial-handle=1984,i,3389205332898887649,4173586543709646972,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\backgroundTaskHost.exe "C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /FJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2112 --field-trial-handle=1984,i,3389205332898887649,4173586543709646972,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\find.exeSection loaded: ulib.dllJump to behavior
Source: C:\Windows\SysWOW64\find.exeSection loaded: fsutilext.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dxil.dll
Source: C:\Windows\System32\curl.exeSection loaded: secur32.dll
Source: C:\Windows\System32\curl.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\curl.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\curl.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4a0680f-9ee1-57b1-adfd-e68812be32d6Jump to behavior
Source: Yoranis Setup.exeStatic file information: File size 87733089 > 1048576
Source: Yoranis Setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCMT.AMD64.PDB source: Yoranis Setup.exe, 00000000.00000003.1934907956.0000000005FF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1872786906.000000000506F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Yoranis Setup.exe, 00000000.00000003.1863640706.0000000005064000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\electron.exe.pdb source: Yoranis Setup.exe, 00000000.00000003.1859194180.00000000066A0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1884656243.0000000005069000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\node-sqlite3\node-sqlite3\build\Release\node_sqlite3.pdb source: Yoranis Setup.exe, 00000000.00000003.1942868506.000000000566A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\win-version-info\win-version-info\build\Release\VersionInfo.pdb source: Yoranis Setup.exe, 00000000.00000003.1945320349.000000000566A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCPMT.AMD64.PDB source: Yoranis Setup.exe, 00000000.00000003.1934907956.0000000005FF1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.1885877191.0000000005F22000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

barindex
Suspicious powershell command line found
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: dxil.dll.0.drStatic PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Source: dxcompiler.dll.0.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.0.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll.0.drStatic PE information: section name: .retplne
Source: dxcompiler.dll.0.drStatic PE information: section name: _RDATA
Source: dxil.dll.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll.0.drStatic PE information: section name: .retplne
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe.0.drStatic PE information: section name: .00cfg
Source: YoransSetup.exe.0.drStatic PE information: section name: .gxfg
Source: YoransSetup.exe.0.drStatic PE information: section name: .retplne
Source: YoransSetup.exe.0.drStatic PE information: section name: .rodata
Source: YoransSetup.exe.0.drStatic PE information: section name: CPADinfo
Source: YoransSetup.exe.0.drStatic PE information: section name: LZMADEC
Source: YoransSetup.exe.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe.0.drStatic PE information: section name: malloc_h
Source: dxcompiler.dll0.0.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll0.0.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll0.0.drStatic PE information: section name: .retplne
Source: dxcompiler.dll0.0.drStatic PE information: section name: _RDATA
Source: dxil.dll0.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll0.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll0.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll0.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll0.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll0.0.drStatic PE information: section name: .retplne
Source: libEGL.dll0.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll0.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll0.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll0.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll0.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll0.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll0.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll0.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe0.0.drStatic PE information: section name: .00cfg
Source: YoransSetup.exe0.0.drStatic PE information: section name: .gxfg
Source: YoransSetup.exe0.0.drStatic PE information: section name: .retplne
Source: YoransSetup.exe0.0.drStatic PE information: section name: .rodata
Source: YoransSetup.exe0.0.drStatic PE information: section name: CPADinfo
Source: YoransSetup.exe0.0.drStatic PE information: section name: LZMADEC
Source: YoransSetup.exe0.0.drStatic PE information: section name: _RDATA
Source: YoransSetup.exe0.0.drStatic PE information: section name: malloc_h
Source: node_sqlite3.node.0.drStatic PE information: section name: _RDATA
Source: node.napi.node0.0.drStatic PE information: section name: _RDATA
Source: registry.node.0.drStatic PE information: section name: .fptable
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\dxcompiler.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\dxil.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\dxil.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\YoransSetup.exeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\SpiderBanner.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txtJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YoransSetup.lnkJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2924
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3181
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\dxcompiler.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\SpiderBanner.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.nodeJump to dropped file
Source: C:\Users\user\Desktop\Yoranis Setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\libGLESv2.dllJump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6956Thread sleep count: 2924 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6908Thread sleep count: 3181 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5184Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3760Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\localesJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-jsJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpackedJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modulesJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resourcesJump to behavior
Source: C:\Users\user\Desktop\Yoranis Setup.exeFile opened: C:\Users\user\AppData\Local\Temp\nsv7F40.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\buildJump to behavior
Source: Yoranis Setup.exe, 00000000.00000003.1944369630.0000000002B57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}i
Source: Yoranis Setup.exe, 00000000.00000003.1942971341.0000000002B46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d
Source: Yoranis Setup.exe, 00000000.00000003.1942971341.0000000002B46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Yoranis Setup.exe, 00000000.00000003.1945860756.0000000002B51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}h
Source: Yoranis Setup.exe, 00000000.00000003.1944369630.0000000002B57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}H
Source: Yoranis Setup.exe, 00000000.00000003.1943425658.0000000002B48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Yoranis Setup.exe, 00000000.00000003.1940472067.0000000002B66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}F
Source: Yoranis Setup.exe, 00000000.00000003.1943425658.0000000002B48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}pp
Source: Yoranis Setup.exe, 00000000.00000003.1944369630.0000000002B57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Local
Source: Yoranis Setup.exe, 00000000.00000003.1942254073.0000000002B4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?
Source: Yoranis Setup.exe, 00000000.00000003.1942971341.0000000002B46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?Local;\n/g, '' ],
Source: Yoranis Setup.exe, 00000000.00000003.1944369630.0000000002B57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Z
Source: Yoranis Setup.exe, 00000000.00000003.1945860756.0000000002B51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}EH
Source: Yoranis Setup.exe, 00000000.00000003.1943425658.0000000002B48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}U
Source: Yoranis Setup.exe, 00000000.00000003.1872786906.000000000506F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga2
Source: Yoranis Setup.exe, 00000000.00000003.1944369630.0000000002B57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.ProgramsC
Source: Yoranis Setup.exe, 00000000.00000003.1943425658.0000000002B48000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#4&224f42A&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}?Local;\n/g, '' ],
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.000000000748D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: Yoranis Setup.exe, 00000000.00000003.1872786906.000000000506F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Screen Codec / VMware Video
Source: Yoranis Setup.exe, 00000000.00000003.1944369630.0000000002B57000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ER
Source: Yoranis Setup.exe, 00000000.00000003.1936563383.0000000005F4F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}YGm
Source: C:\Users\user\Desktop\Yoranis Setup.exeAPI call chain: ExitProcess graph end nodegraph_0-3407
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: DebugJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
Excessive usage of taskkill to terminate processes
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\Desktop\Yoranis Setup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /FJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /FJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1748 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2428 --field-trial-handle=1752,i,4411649171605099611,13407896595777131848,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8Jump to behavior
Source: Yoranis Setup.exe, 00000000.00000003.1860033015.000000000735B000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progman..\..\third_party\webrtc\modules\desktop_capture\cropping_window_capturer.ccWindow no longer on top when ScreenCapturer finishesScreenCapturer failed to capture a frameWindow rect is emptyWindow is outside of the captured displaySysShadowWebRTC.DesktopCapture.Win.WindowGdiCapturerFrameTimeWindowCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\window_capturer_win_gdi.ccWindow hasn't been selected: Target window has been closed.Failed to get drawable window area: Failed to get window DC: Failed to create frame.Both PrintWindow() and BitBlt() failed.Capturing owned window failed (previous error/warning pertained to that)WebRTC.DesktopCapture.BlankFrameDetectedWebRTC.DesktopCapture.PrimaryCapturerSelectSourceErrorWebRTC.DesktopCapture.PrimaryCapturerErrorWebRTC.DesktopCapture.PrimaryCapturerPermanentErrordwmapi.dllDwmEnableCompositionScreenCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\screen_capturer_win_gdi.ccFailed to capture screen by GDI.WebRTC.DesktopCapture.Win.ScreenGdiCapturerFrameTimedesktop_dc_memory_dc_Failed to get screen rect.Failed to create frame buffer.Failed to select current bitmap into memery dc.BitBlt failed..\..\third_party\webrtc\modules\desktop_capture\win\cursor.ccCreateMouseCursorFromHCursorUnable to get cursor icon info. Error = Unable to get bitmap info. Error = Unable to get bitmap bits. Error = `
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\package.json VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\package.json VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\dist\lib\index.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\dist\lib\registry.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\package.json VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\index.js VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\package.json VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Autofill VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Cookies VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Autofill VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Passwords VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Autofill VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Cookies VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\yn2v2ma9njey\Passwords VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-dMCMG5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-dMCMG5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-dMCMG5 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0196354653 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0196354653 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0518291756 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0615447233 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0615447233 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0653671941 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0653671941 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0666563528 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0887538035 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0887538035 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1033868256 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1287572840 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1343496627 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1343496627 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1417002460 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2109793820 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2160417493 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2265332024 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2265465471 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\2385760553 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4144085054 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5281104033 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5367203117 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8351801105 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-00-50-743.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_installer.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_installer.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\dbghelp.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\dbghelp.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258b.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258b.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231003-1258c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-0929c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231004-1051c.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\prep_Form_JSI_API_not_a_real_file_V8_perf.cache VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\Desktop\Yoranis Setup.exeCode function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040338F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldbJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior

Remote Access Functionality

barindex
Attempt to bypass Chrome Application-Bound Encryption
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts211
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		11
Disable or Modify Tools		1
OS Credential Dumping		3
File and Directory Discovery		Remote Services1
Archive Collected Data		1
Ingress Tool Transfer		Exfiltration Over Other Network Medium1
System Shutdown/Reboot
CredentialsDomainsDefault Accounts1
Command and Scripting Interpreter		1
Windows Service		1
Access Token Manipulation		1
Timestomp		11
Input Capture		36
System Information Discovery		Remote Desktop Protocol1
Data from Local System		12
Encrypted Channel		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts1
PowerShell		1
Registry Run Keys / Startup Folder		1
Windows Service		1
DLL Side-Loading		Security Account Manager21
Security Software Discovery		SMB/Windows Admin Shares11
Input Capture		1
Remote Access Software		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook12
Process Injection		11
Masquerading		NTDS3
Process Discovery		Distributed Component Object Model1
Clipboard Data		2
Non-Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
Registry Run Keys / Startup Folder		121
Virtualization/Sandbox Evasion		LSA Secrets121
Virtualization/Sandbox Evasion		SSHKeylogging3
Application Layer Protocol		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Access Token Manipulation		Cached Domain Credentials1
Application Window Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
Process Injection		DCSync1
Remote System Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1584251 Sample: Yoranis Setup.exe Startdate: 05/01/2025 Architecture: WINDOWS Score: 76 55 file.io 2->55 57 api.iwannaeatcats.com 2->57 59 2 other IPs or domains 2->59 81 Drops large PE files 2->81 83 AI detected suspicious sample 2->83 8 YoransSetup.exe 16 2->8         started        12 Yoranis Setup.exe 12 787 2->12         started        signatures3 process4 dnsIp5 71 file.io 143.244.215.221, 443, 49750, 49770 COGENT-174US United States 8->71 73 api.iwannaeatcats.com 172.67.193.41, 443, 49744, 49745 CLOUDFLARENETUS United States 8->73 75 api.gofile.io 45.112.123.126, 443, 49748, 49769 AMAZON-02US Singapore 8->75 85 Attempt to bypass Chrome Application-Bound Encryption 8->85 87 Tries to harvest and steal browser information (history, passwords, etc) 8->87 89 Excessive usage of taskkill to terminate processes 8->89 15 cmd.exe 8->15         started        18 cmd.exe 8->18         started        20 cmd.exe 8->20         started        24 60 other processes 8->24 47 C:\Users\user\AppData\...\YoransSetup.exe, PE32+ 12->47 dropped 49 C:\Users\user\AppData\Local\...\nsis7z.dll, PE32 12->49 dropped 51 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 12->51 dropped 53 34 other files (none is malicious) 12->53 dropped 22 cmd.exe 1 12->22         started        file6 signatures7 process8 dnsIp9 95 Excessive usage of taskkill to terminate processes 15->95 27 taskkill.exe 15->27         started        30 conhost.exe 15->30         started        32 WMIC.exe 18->32         started        34 conhost.exe 18->34         started        97 Suspicious powershell command line found 20->97 41 2 other processes 20->41 43 3 other processes 22->43 77 chrome.cloudflare-dns.com 162.159.61.3, 443, 49749, 62207 CLOUDFLARENETUS United States 24->77 79 239.255.255.250 unknown Reserved 24->79 36 msedge.exe 24->36         started        39 curl.exe 24->39         started        45 108 other processes 24->45 signatures10 process11 dnsIp12 91 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 32->91 93 Queries memory information (via WMI often done to detect virtual machines) 32->93 61 googlehosted.l.googleusercontent.com 142.250.185.161, 443, 49765 GOOGLEUS United States 36->61 63 ntp.msn.com 36->63 69 2 other IPs or domains 36->69 65 api.ipify.org 104.26.13.205, 49740, 80 CLOUDFLARENETUS United States 39->65 67 127.0.0.1 unknown unknown 39->67 signatures13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.