Source: C:\Users\user\Desktop\Setup.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: acgenral.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: msacm32.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: netutils.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: msimg32.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: version.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: mpr.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: textinputframework.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: coreuicomponents.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: coremessaging.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: ntmarta.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: wintypes.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: wintypes.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: wintypes.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: profapi.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: shfolder.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: rstrtmgr.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: ncrypt.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: ntasn1.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: propsys.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: edputil.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: urlmon.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: iertutil.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: srvcli.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: netutils.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: appresolver.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: bcp47langs.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: slc.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: userenv.dll |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: sppc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: acgenral.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: msacm32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: winmmbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\Setup.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: shfolder.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: rstrtmgr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: sfc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: sfc_os.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: explorerframe.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: oledlg.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: wsock32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-1ABE0.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-0RUKS.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\MpRtp.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-16N32.tmp\_isetup\_setup64.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\NuGet.PackageManagement.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-NLL60.tmp\_isetup\_iscrypt.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\WzAddrycts64.dll (copy) | Jump to dropped file |
Source: C:\Users\user\Desktop\Setup.exe | File created: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-9I2OC.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-6TF3I.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\sqlcese35.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-16N32.tmp\_isetup\_shfoldr.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.TeamFoundation.Deployment.Workflow.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-1BONH.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-MF6KC.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.VisualStudio.LanguageServices.TypeScript.resources.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-DNNFJ.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-16N32.tmp\_isetup\_iscrypt.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-16N32.tmp\_isetup\_isdecmp.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\ssh.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-J74UI.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-NLL60.tmp\_isetup\_shfoldr.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.VisualStudio.TeamFoundation.WorkItemTracking.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-JOM36.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-B6AOM.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-3KHUI.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.WebTools.ProjectSystem.Components.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\FxCopCommon.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\msys-pcre-1.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.VisualStudio.Workspace.ExternalBuildFramework.VS.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-IDBJG.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-V00IP.tmp | Jump to dropped file |
Source: C:\Users\user\Desktop\Setup.exe | File created: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-KU21U.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-NLL60.tmp\_isetup\_isdecmp.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | File created: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\NuGet.Common.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | File created: C:\Users\user\AppData\Local\Temp\is-NLL60.tmp\_isetup\_setup64.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-1ABE0.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-0RUKS.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\MpRtp.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-16N32.tmp\_isetup\_setup64.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\NuGet.PackageManagement.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NLL60.tmp\_isetup\_iscrypt.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\WzAddrycts64.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-9I2OC.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-6TF3I.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\sqlcese35.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-16N32.tmp\_isetup\_shfoldr.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.TeamFoundation.Deployment.Workflow.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-1BONH.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.VisualStudio.LanguageServices.TypeScript.resources.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-DNNFJ.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-16N32.tmp\_isetup\_iscrypt.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-16N32.tmp\_isetup\_isdecmp.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\ssh.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NLL60.tmp\_isetup\_shfoldr.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-J74UI.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.VisualStudio.TeamFoundation.WorkItemTracking.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-B6AOM.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-JOM36.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-3KHUI.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.WebTools.ProjectSystem.Components.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\msys-pcre-1.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\FxCopCommon.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\Microsoft.VisualStudio.Workspace.ExternalBuildFramework.VS.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-IDBJG.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-V00IP.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\is-KU21U.tmp | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NLL60.tmp\_isetup\_isdecmp.dll | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-DR2HE.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\NuGet.Common.dll (copy) | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\is-6R8MJ.tmp\Setup.tmp | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NLL60.tmp\_isetup\_setup64.tmp | Jump to dropped file |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696501413o |
Source: Setup.tmp, 00000002.00000002.1598608810.0000000000748000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\)@ |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696501413 |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~ |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696501413j |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - COM.HKVMware20,11696501413 |
Source: PilotEdit.exe, PilotEdit.exe, 00000006.00000003.2060952336.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.1967579916.000000000212C000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.1988284600.000000000212B000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.2063574417.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.2258047088.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000002.2829061430.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000002.2828871558.00000000020E4000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.2083162284.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.2061313005.0000000002124000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413 |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696501413x |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696501413} |
Source: PilotEdit.exe, 00000006.00000003.2060952336.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.1967579916.000000000212C000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.1988284600.000000000212B000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.2063574417.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.2258047088.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000002.2829061430.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.2083162284.0000000002124000.00000004.00000020.00020000.00000000.sdmp, PilotEdit.exe, 00000006.00000003.2061313005.0000000002124000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWeY? |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413 |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696501413x |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696501413t |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - HKVMware20,11696501413] |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696501413s |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413 |
Source: PilotEdit.exe, 00000006.00000003.2008526732.0000000004F38000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696501413p |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696501413u |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive userers - EU WestVMware20,11696501413n |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696501413 |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413 |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactiveuserers.comVMware20,11696501413} |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactiveuserers.co.inVMware20,11696501413d |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696501413 |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696501413t |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^ |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactiveuserers.comVMware20,11696501413 |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696501413f |
Source: PilotEdit.exe, 00000006.00000003.2008753647.0000000004E52000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696501413 |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.json |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\formhistory.sqlite |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account |
Source: C:\Users\user\AppData\Roaming\{73E5A364-F722-4251-A2AD-B613D6FDA6BD}\PilotEdit.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History |