| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/1085 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/1423136 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/1423136Frontend |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/1452 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/1452expandIntegerPowExpressionsThe |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/1512 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/1637 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/1936 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2046 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2152 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2152skipVSConstantRegisterZeroIn |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2162 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2273 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2517 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2894 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2970 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/2978 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3027 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3045 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3078 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3205 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3206 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3246 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3246allowClearForRobustResourceInitSome |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3452 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3498 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3502 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3577 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3584 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3586 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3623 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3624 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3625 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3682 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3682allowES3OnFL100Allow |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3729 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3832 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3862 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3965 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3970 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/3997 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4214 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4267 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4324 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4384 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4405 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4428 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4551 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4633 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4646 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4722 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/482 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4836 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4901 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/4937 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5007 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5007disableDrawBuffersIndexedDisable |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5055 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5061 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5281 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5371 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5375 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5421 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5430 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5469 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5535 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5577 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5658 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5658forceGlErrorCheckingForce |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5750 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5750forceRobustResourceInitForce-enable |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5881 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5901 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/5906 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6041 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6041forceInitShaderVariablesForce-enable |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6048 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6141 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6248 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6439 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6651 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6692 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6755 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6860 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6876 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6878 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6929 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/6953 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7036 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7036dumpShaderSourceWrite |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7047 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7172 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7279 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7279cacheCompiledShaderEnable |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7370 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7406 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7488 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7527 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7553 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7556 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7724 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7724disableAnisotropicFilteringDisable |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7760 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7760enableShaderSubstitutionCheck |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7761 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://anglebug.com/7761disableProgramCachingDisables |
| Source: explorer.exe, 00000007.00000000.1576389816.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1578678923.0000000008F83000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/1094869 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/110263 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/1144207 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/1171371 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/1181068 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/1181193 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/1420130 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/1456243 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/308366 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/403957 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/550292 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/565179 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/642227 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/642605 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/644669 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/650547 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/672380 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/709351 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/797243 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/809422 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/830046 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/849576 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/883276 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/927470 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/941620 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere |
| Source: explorer.exe, 00000007.00000000.1576389816.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1578678923.0000000008F83000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
| Source: explorer.exe, 00000007.00000000.1576389816.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1578678923.0000000008F83000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
| Source: elevate.exe.0.dr | String found in binary or memory: http://int3.de/ |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: http://issuetracker.google.com/200067929 |
| Source: Mansion_setup (1).exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
| Source: explorer.exe, 00000007.00000000.1576389816.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.1578678923.0000000008F83000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di |
| Source: explorer.exe, 00000007.00000000.1578233176.0000000008820000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1578209820.0000000008810000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.1577554321.0000000007C70000.00000002.00000001.00040000.00000000.sdmp | String found in binary or memory: http://schemas.micro |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071B2000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.foreca.com |
| Source: explorer.exe, 00000007.00000000.1578678923.0000000008F83000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp |
| Source: explorer.exe, 00000007.00000000.1578678923.000000000913F000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://android.notify.windows.com/iOS |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/4674 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/4830 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/4849 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/4966 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/5140 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/5536 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/5845 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/6574 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7161 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7162 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7246 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7308 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7319 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7320 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7369 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7382 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7405 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7489 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7604 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7714 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7847 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://anglebug.com/7899 |
| Source: explorer.exe, 00000007.00000000.1578678923.0000000008F09000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows? |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=DD4083B70FE54739AB05D6BBA3484042&timeOut=5000&oc |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows? |
| Source: explorer.exe, 00000007.00000000.1578678923.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://arc.msn.com |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106 |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://chrome.google.com/webstore/category/extensions |
| Source: fr.pak.0.dr | String found in binary or memory: https://chrome.google.com/webstore?hl=fr&category=theme81https://myactivity.google.com/myactivity/?u |
| Source: fr.pak.0.dr | String found in binary or memory: https://chrome.google.com/webstore?hl=frRaccourci |
| Source: sw.pak.0.dr | String found in binary or memory: https://chrome.google.com/webstore?hl=sw&category=theme81https://myactivity.google.com/myactivity/?u |
| Source: sw.pak.0.dr | String found in binary or memory: https://chrome.google.com/webstore?hl=swUmeondoa |
| Source: zh-CN.pak.0.dr | String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN |
| Source: zh-CN.pak.0.dr | String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivity |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://chromium.googlesource.com/angle/angle/ |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/1042393 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/1046462 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/1060012 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/1091824 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/1137851 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/1300575 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/1356053 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/593024 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/650547 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/650547callClearTwiceUsing |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/655534 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/705865 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/710443 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/811661 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://crbug.com/848952 |
| Source: explorer.exe, 00000007.00000000.1581782657.000000000C091000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://excel.office.com |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1c9Jin.img |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/161903006 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/166809097 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/184850002 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/187425444 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/220069903 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/229267970 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/250706693 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/253522366 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/255411748 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/274859104 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/275210062 |
| Source: libGLESv2.dll.0.dr | String found in binary or memory: https://issuetracker.google.com/issues/166475273 |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://myactivity.google.com/ |
| Source: explorer.exe, 00000007.00000000.1581782657.000000000C091000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://outlook.com |
| Source: sw.pak.0.dr | String found in binary or memory: https://passwords.google.comAkaunti |
| Source: fr.pak.0.dr | String found in binary or memory: https://passwords.google.comCompte |
| Source: zh-CN.pak.0.dr | String found in binary or memory: https://passwords.google.comGoogle |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://policies.google.com/ |
| Source: explorer.exe, 00000007.00000000.1581782657.000000000C091000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://powerpoint.office.com |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr | String found in binary or memory: https://support.google.com/chrome/a/answer/9122284 |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://support.google.com/chrome/answer/6098869 |
| Source: zh-CN.pak.0.dr, fr.pak.0.dr, sw.pak.0.dr | String found in binary or memory: https://support.google.com/chromebook?p=app_intent |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew |
| Source: explorer.exe, 00000007.00000000.1578678923.00000000090F2000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://wns.windows.com/ |
| Source: explorer.exe, 00000007.00000000.1581782657.000000000C091000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://word.office.com |
| Source: zh-CN.pak.0.dr | String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html |
| Source: fr.pak.0.dr | String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlG |
| Source: sw.pak.0.dr | String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlInasimamiwa |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-it |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar- |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/music/news/6-rock-ballads-that-tug-at-the-heartstrings/ar-AA1hIdsm |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/vi |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch- |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/here-s-who-could-see-above-average-snowfall-this-winter |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINt |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com:443/en-us/feed |
| Source: explorer.exe, 00000007.00000000.1576389816.00000000071B2000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.pollensense.com/ |
| Source: unknown | Process created: C:\Users\user\Desktop\Mansion_setup (1).exe "C:\Users\user\Desktop\Mansion_setup (1).exe" | |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Process created: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe "C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\my-electron-app" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1652 --field-trial-handle=1680,i,17790820734740734710,14756549403870583201,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 | |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe "C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\my-electron-app" --mojo-platform-channel-handle=2864 --field-trial-handle=1680,i,17790820734740734710,14756549403870583201,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 | |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe "C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\my-electron-app" --app-path="C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1739624080749253 --launch-time-ticks=5384764539 --mojo-platform-channel-handle=3108 --field-trial-handle=1680,i,17790820734740734710,14756549403870583201,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1 | |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\games\DDR5_NetCache\qtZint.exe C:\games\DDR5_NetCache\qtZint.exe | |
| Source: C:\Windows\explorer.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" | |
| Source: C:\Windows\explorer.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe" | |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 364 | |
| Source: C:\Windows\explorer.exe | Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe" | |
| Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr15B6.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0fbef96/bd5c97e1" | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2228,i,1313803575449606696,11911411455849681461,262144 /prefetch:8 | |
| Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr19FD.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0fbef96/0da50779" | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2224,i,3086125716147971170,5077429259784092469,262144 /prefetch:3 | |
| Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Windows Media Player\wmpshare.exe "C:\Program Files\Windows Media Player\wmpshare.exe" | |
| Source: C:\Program Files\Windows Media Player\wmpshare.exe | Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" | |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Process created: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe "C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\my-electron-app" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1652 --field-trial-handle=1680,i,17790820734740734710,14756549403870583201,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe "C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\my-electron-app" --mojo-platform-channel-handle=2864 --field-trial-handle=1680,i,17790820734740734710,14756549403870583201,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe "C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\my-electron-app" --app-path="C:\Users\user~1\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1739624080749253 --launch-time-ticks=5384764539 --mojo-platform-channel-handle=3108 --field-trial-handle=1680,i,17790820734740734710,14756549403870583201,262144 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process created: C:\games\DDR5_NetCache\qtZint.exe C:\games\DDR5_NetCache\qtZint.exe | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe" | |
| Source: C:\Windows\SysWOW64\svchost.exe | Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe" | |
| Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr15B6.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0fbef96/bd5c97e1" | |
| Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user~1\AppData\Local\Temp\chr19FD.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/d0fbef96/0da50779" | |
| Source: C:\Windows\System32\svchost.exe | Process created: C:\Program Files\Windows Media Player\wmpshare.exe "C:\Program Files\Windows Media Player\wmpshare.exe" | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2272 --field-trial-handle=2228,i,1313803575449606696,11911411455849681461,262144 /prefetch:8 | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2224,i,3086125716147971170,5077429259784092469,262144 /prefetch:3 | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Windows Media Player\wmpshare.exe | Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" | |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: dwmapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: oleacc.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: shfolder.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: iconcodecservice.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: windowscodecs.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: windows.fileexplorer.common.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: ntshrui.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: ffmpeg.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: uiautomationcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dbghelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winmm.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dwrite.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: secur32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: powrprof.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: umpdc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: kbdus.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: nlaapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: windows.ui.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: windowmanagementapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: inputhost.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: wtsapi32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winsta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mscms.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: coloradapterclient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mmdevapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: devobj.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: iconcodecservice.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: windowscodecs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dwmapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dataexchange.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: d3d11.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dcomp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dxgi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: windows.globalization.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: bcp47mrm.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: twinapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: msspellcheckingfacility.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: atlthunk.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: oleacc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: directmanipulation.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: napinsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: pnrpnsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: wshbth.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winrnr.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: ffmpeg.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: uiautomationcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dbghelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winmm.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dwrite.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: secur32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: powrprof.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: umpdc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dxgi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mf.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mfplat.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: rtworkq.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: msmpeg2vdec.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mfperfhelper.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dxva2.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: msvproc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dwmapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: d3d11.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dcomp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: d3d10warp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dxcore.dll | Jump to behavior |
| Source: C:\Windows\explorer.exe | Section loaded: vcruntime140_1.dll | Jump to behavior |
| Source: C:\Windows\explorer.exe | Section loaded: vcruntime140.dll | Jump to behavior |
| Source: C:\Windows\explorer.exe | Section loaded: msvcp140.dll | Jump to behavior |
| Source: C:\Windows\explorer.exe | Section loaded: vcruntime140_1.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: ffmpeg.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: uiautomationcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dbghelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winmm.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dwrite.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: secur32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: powrprof.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: umpdc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: kbdus.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: nlaapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: ffmpeg.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: uiautomationcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dbghelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winmm.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dwrite.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: secur32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: powrprof.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: umpdc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: oleacc.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: msimg32.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: wininet.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: webio.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\ExtractJPEGcmd.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: wtsapi32.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: dwmapi.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: opengl32.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: winmm.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: msvcp140.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: vcruntime140.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: glu32.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: vcruntime140.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: wininet.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: kernel.appcore.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wbemcomn.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: amsi.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: userenv.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: profapi.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: version.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: uxtheme.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: windows.storage.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wldp.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: sspicli.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mpr.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: powrprof.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: umpdc.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wbemcomn.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: wbemcomn.dll | |
| Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: mswsock.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: netapi32.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: uxtheme.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cscapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | |
| Source: C:\Program Files\Windows Media Player\wmpshare.exe | Section loaded: cryptbase.dll | |
| Source: C:\Program Files\Windows Media Player\wmpshare.exe | Section loaded: mswsock.dll | |
| Source: C:\Program Files\Windows Media Player\wmpshare.exe | Section loaded: uxtheme.dll | |
| Source: C:\Windows\System32\dllhost.exe | Section loaded: cryptbase.dll | |
| Source: C:\Windows\System32\dllhost.exe | Section loaded: iphlpapi.dll | |
| Source: C:\Windows\System32\dllhost.exe | Section loaded: mswsock.dll | |
| Source: C:\Windows\System32\dllhost.exe | Section loaded: dhcpcsvc.dll | |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\Desktop\Mansion_setup (1).exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\2sBmKhYkAMuETMmMTCVRNvTLAaj\Mansion.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\games\DDR5_NetCache\qtZint.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\svchost.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX | |
| Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX | |
| Source: C:\Windows\System32\svchost.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Windows\System32\svchost.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Program Files\Windows Media Player\wmpshare.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Program Files\Windows Media Player\wmpshare.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Program Files\Windows Media Player\wmpshare.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Windows\System32\dllhost.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Windows\System32\dllhost.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX | |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\y572q81e.default |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\startupCache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\6f70cc77-7837-4f44-9c31-7de59e446d67 |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing\google4 |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\safebrowsing |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser\newtab |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\doomed |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\thumbnails |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2 |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\settings\main\ms-language-packs\browser |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache |
| Source: C:\Windows\System32\svchost.exe | File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fu7wner3.default-release\cache2\entries |
Edit tour
Mansion_setup (1).exe (PID: 7608 cmdline: 
explorer.exe (PID: 4056 cmdline: 
MSBuild.exe (PID: 2044 cmdline: 
WerFault.exe (PID: 4240 cmdline: 
svchost.exe (PID: 7620 cmdline: 
chrome.exe (PID: 5688 cmdline: 
msedge.exe (PID: 6900 cmdline: 
wmpshare.exe (PID: 4692 cmdline: 
ExtractJPEGcmd.exe (PID: 7428 cmdline: 
qtZint.exe (PID: 6664 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
