Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\TextInputFramework.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wkernel32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000524F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\CoreUIComponents.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000527C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\wmswsock.pdbeWinStationGetUserCerti9NXZc^ source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dhcpcsvc.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A798000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: fwbase.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009E62000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcrt.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005260000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdsapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.0000000008AD6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: e3samlib.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D9E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\fwpuclnt.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\FWPolicyIOMgr.pdbdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\DLL\dhcpcsvc6.pdbdbq source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdbationC source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: advapi32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000525A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wsspicli.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009839000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcrypt.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009415000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: usp10.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000952E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: usp10.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000952E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CoreMessaging.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A327000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009BB6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\wbemprox.pdbZ source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: cryptbase.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009844000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: comdlg32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005271000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleacc.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009300000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: MFWMAAEC.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A0A5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: fwbase.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009E62000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wbemsvc.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A5CC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wmswsock.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A7F5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: secur32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009472000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winmm.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009650000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: powrprof.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000935B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wwin32u.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005282000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ole32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085FC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdbWinSt source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: FWPolicyIOMgr.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009EC5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Windows.UI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A1B9000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdbnGetAl( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rasadhlp.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A852000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\wmswsock.pdb< source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: cfgmgr32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A03B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Windows.Storage.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C10000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wuser32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085DE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wkernel32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000524F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: twinapi.appcore.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A3DC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc.pdb\*s source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: netutils.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000984A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdsapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.0000000008AD6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ole32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085FC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rasadhlp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A852000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wininet.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.00000000095E7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Kernel.Appcore.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C77000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wgdi32full.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000528D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shell32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085F1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dhcpcsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A798000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: asamlib.pdbll\samlib.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A445000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\samlib.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: twinapi.appcore.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A3DC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mfperfhelper.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A0FF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: comctl32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.000000000860D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: comdlg32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005271000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\profapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winmm.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009650000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: devobj.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009FDF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\CoreMessaging.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleacc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009300000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shell32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085F1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: samcli.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000982E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcp_win.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085E4000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: MFWMAAEC.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A0A5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WindowManagementAPI.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A2CD000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wUxTheme.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009AF8000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winhttp.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000958A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\CoreMessaging.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dbghelp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.000000000861E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\twinapi.appcore.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wgdi32full.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000528D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: sechost.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005266000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: audioses.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A15F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: fastprox.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A626000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\winsta.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wbemsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A5CC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: fastprox.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A626000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\bcryptprimitives.pdbh source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: FWPolicyIOMgr.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009EC5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: TextInputFramework.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A218000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdb\* source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dnsapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D9E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdbationN source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dbghelp.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.000000000861E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Github-runner\_work\agent-windows\agent-windows\console\Win32\Release\getscreen.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.00000000013F2000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp |
Source: | Binary string: netapi32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.0000000008AD0000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009BB6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mfperfhelper.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A0FF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Windows.UI.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A1B9000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\samlib.pdbbp source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: iphlpapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.0000000008629000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\InputHost.pdbiu source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\samlib.pdbbt source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wuser32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085DE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: InputHost.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A445000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wininet.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.00000000095E7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CLBCatQ.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009CDC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: cfgmgr32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A03B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: profapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C71000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntmarta.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009F28000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcrypt.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009415000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wrpcrt4.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000526B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CoreMessaging.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A327000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\DLL\dhcpcsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\JSAMSIProvider32.pdbH source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000527C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\WindowManagementAPI.pdbR source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: audioses.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A15F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntmarta.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009F28000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CLBCatQ.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009CDC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\fwpuclnt.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\JSAMSIProvider32.pdbX source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wkernelbase.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005255000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shlwapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085EB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\rasadhlp.pdb0 source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: samcli.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000982E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\samlib.pdbPoli source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: netapi32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.0000000008AD0000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\winsta.pdbb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CoreUIComponents.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A272000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: InputHost.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A445000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\MpOAV.pdbdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\MpOAV.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WinTypes.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A382000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: iphlpapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.0000000008629000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\InputHost.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: MMDevAPI.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009F84000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\twinapi.appcore.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\WindowManagementAPI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wrpcrt4.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000526B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\wbemsvc.pdb\**m3r source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: FirewallAPI.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D37000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\fwpuclnt.pdb| source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\rasadhlp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\JSAMSIProvider32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\exe\getscreen-799952897-x86.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: secur32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009472000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: TextInputFramework.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A218000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\exe\getscreen-799952897-x86.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003088000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: netutils.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000984A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\rasadhlp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcp_win.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085E4000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WinTypes.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A382000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WindowManagementAPI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A2CD000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shlwapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085EB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleaut32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.0000000008602000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wsspicli.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009839000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: MMDevAPI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009F84000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\propsys.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\Amsi.pdbA source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: FirewallAPI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D37000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\DLL\dhcpcsvc.pdbp source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\JSAMSIProvider32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: powrprof.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000935B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dnsapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D9E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CoreUIComponents.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A272000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wwin32u.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005282000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\exe\getscreen-799952897-x86.pdbU source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003088000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winhttp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000958A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Windows.Storage.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C10000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: sechost.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005266000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: devobj.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009FDF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dhcpcsvc6.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A73D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\InputHost.pdbb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wbemprox.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A56D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\DLL\dhcpcsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcrt.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005260000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dhcpcsvc6.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A73D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: profapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C71000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\MpOAV.pdbb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\fastprox.pdb\*I.dl~ source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \user\Desktop\dll\wbemsvc.pdbs\ source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\rasadhlp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\DLL\dhcpcsvc6.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005248000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wmswsock.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A7F5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\Windows.Storage.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\CoreMessaging.pdbbx source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\fastprox.pdbT source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\samlib.pdbcens4 source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C77000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wUxTheme.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009AF8000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: cryptbase.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009844000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wkernelbase.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005255000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\wbemsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleaut32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.0000000008602000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\InputHost.pdb* source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\wmswsock.pdb\* source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: comctl32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.000000000860D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wbemprox.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A56D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\samlib.pdbP* source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0 |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: svchost.exe, 00000005.00000002.2960186878.00000255B7E00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver) |
Source: svchost.exe, 00000005.00000003.1773652655.00000255B8018000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
Source: edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5 |
Source: edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
Source: edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
Source: svchost.exe, 00000005.00000003.1773652655.00000255B8018000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
Source: svchost.exe, 00000005.00000003.1773652655.00000255B8018000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
Source: svchost.exe, 00000005.00000003.1773652655.00000255B804D000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
Source: edb.log.5.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.00000000013F2000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://proxy.contoso.com:3128/ |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01 |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01http://www.webrtc.org/exper |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-timeurn:3gpp:video-orientationhttp://www.we |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00 |
Source: getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cn |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02 |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-frame-tracking-id |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-layers-allocation00 |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.00000000013F2000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: http://www.winimage.com/zLibDll |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.00000000017C1000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.00000000013F2000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://docs.g |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.00000000013F2000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://docs.ge |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.00000000013F2000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://docs.getsa |
Source: getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp | String found in binary or memory: https://docs.getsc |
Source: getscreen-799952897-x86.exe, 00000002.00000003.1969721205.000000000888E000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1987985566.0000000008893000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1959320258.000000000888B000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1966623879.000000000888C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.getscr |
Source: getscreen-799952897-x86.exe, 00000002.00000003.1978137925.0000000003462000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1976524046.0000000003461000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1976404197.0000000003457000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.getscreen.me |
Source: getscreen-799952897-x86.exe, 00000004.00000002.1928331163.000000000099C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.getscreen.me/en/rules/privacy-policy/ |
Source: getscreen-799952897-x86.exe, 00000004.00000002.1928331163.000000000099C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.getscreen.me/en/rules/terms-of-use/ |
Source: getscreen-799952897-x86.exe, 00000002.00000003.1940058537.0000000007FB8000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1950392828.0000000007EE2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.getscreen.me/user-guides/agent/ |
Source: getscreen-799952897-x86.exe, 00000002.00000003.1770965031.0000000007FB8000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1940058537.0000000007FB8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.getscreen.me/user-guides/agent/div |
Source: svchost.exe, 00000005.00000003.1773652655.00000255B80C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6 |
Source: edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod.C: |
Source: edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2 |
Source: edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
Source: svchost.exe, 00000005.00000003.1773652655.00000255B80C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96 |
Source: svchost.exe, 00000005.00000003.1773652655.00000255B80C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe |
Source: edb.log.5.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C: |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: d3d11.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: msdmo.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: msi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: ntdsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: sas.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: usp10.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dsparse.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: fwpolicyiomgr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mmdevapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: devobj.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: avrt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mfwmaaec.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mfperfhelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: avrt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: audioses.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: windows.ui.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: windowmanagementapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: inputhost.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wbemcomn.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: samlib.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: symsrv.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: d3d11.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: msdmo.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: msi.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: ntdsapi.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: sas.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: usp10.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: dsparse.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\ProgramData\Getscreen.me\ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: d3d11.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: msdmo.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: msi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: ntdsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: sas.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: usp10.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dsparse.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: d2d1.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dwrite.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dataexchange.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dcomp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: directmanipulation.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: d3d10warp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dxcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mscms.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: coloradapterclient.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: icm32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: uiautomationcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: seclogon.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: d3d11.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dbghelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: msdmo.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: msi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: netapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: ntdsapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: sas.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: secur32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: usp10.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: winmm.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: dsparse.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\Desktop\getscreen-799952897-x86.exe | Section loaded: winsta.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll | Jump to behavior |
Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll | Jump to behavior |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\TextInputFramework.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wkernel32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000524F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\CoreUIComponents.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000527C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\wmswsock.pdbeWinStationGetUserCerti9NXZc^ source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dhcpcsvc.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A798000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: fwbase.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009E62000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcrt.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005260000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdsapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.0000000008AD6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: e3samlib.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D9E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\fwpuclnt.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\FWPolicyIOMgr.pdbdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\DLL\dhcpcsvc6.pdbdbq source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdbationC source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: advapi32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000525A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wsspicli.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009839000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcrypt.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009415000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: usp10.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000952E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: usp10.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000952E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CoreMessaging.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A327000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009BB6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\wbemprox.pdbZ source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: cryptbase.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009844000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: comdlg32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005271000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleacc.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009300000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: MFWMAAEC.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A0A5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: fwbase.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009E62000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wbemsvc.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A5CC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wmswsock.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A7F5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: secur32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009472000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winmm.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009650000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: powrprof.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000935B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wwin32u.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005282000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ole32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085FC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdbWinSt source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: FWPolicyIOMgr.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009EC5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Windows.UI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A1B9000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdbnGetAl( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rasadhlp.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A852000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\wmswsock.pdb< source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: cfgmgr32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A03B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Windows.Storage.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C10000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wuser32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085DE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wkernel32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000524F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: twinapi.appcore.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A3DC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc.pdb\*s source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: netutils.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000984A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdsapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.0000000008AD6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ole32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085FC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: rasadhlp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A852000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wininet.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.00000000095E7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Kernel.Appcore.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C77000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wgdi32full.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000528D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shell32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085F1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dhcpcsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A798000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: asamlib.pdbll\samlib.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A445000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\samlib.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: twinapi.appcore.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A3DC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mfperfhelper.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A0FF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: comctl32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.000000000860D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: comdlg32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005271000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\profapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winmm.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009650000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: devobj.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009FDF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\CoreMessaging.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleacc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009300000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shell32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085F1000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: samcli.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000982E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcp_win.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085E4000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: MFWMAAEC.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A0A5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WindowManagementAPI.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A2CD000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wUxTheme.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009AF8000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winhttp.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000958A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\CoreMessaging.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dbghelp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.000000000861E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\twinapi.appcore.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wgdi32full.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000528D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: sechost.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005266000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: audioses.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A15F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: fastprox.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A626000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\winsta.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wbemsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A5CC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: fastprox.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A626000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\bcryptprimitives.pdbh source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: FWPolicyIOMgr.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009EC5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: TextInputFramework.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A218000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdb\* source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dnsapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D9E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dhcpcsvc6.pdbationN source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dbghelp.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.000000000861E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: C:\Github-runner\_work\agent-windows\agent-windows\console\Win32\Release\getscreen.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.00000000013F2000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp |
Source: | Binary string: netapi32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.0000000008AD0000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcryptprimitives.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009BB6000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: mfperfhelper.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A0FF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Windows.UI.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A1B9000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\samlib.pdbbp source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: iphlpapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.0000000008629000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\InputHost.pdbiu source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\samlib.pdbbt source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wuser32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085DE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: InputHost.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A445000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wininet.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.00000000095E7000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CLBCatQ.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009CDC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: cfgmgr32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A03B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: profapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C71000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntmarta.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009F28000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: bcrypt.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009415000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wrpcrt4.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000526B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CoreMessaging.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A327000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\DLL\dhcpcsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\JSAMSIProvider32.pdbH source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ucrtbase.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000527C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\WindowManagementAPI.pdbR source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: audioses.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A15F000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntmarta.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009F28000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CLBCatQ.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009CDC000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\fwpuclnt.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\JSAMSIProvider32.pdbX source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wkernelbase.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005255000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shlwapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085EB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\rasadhlp.pdb0 source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: samcli.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000982E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\samlib.pdbPoli source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: netapi32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.0000000008AD0000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\winsta.pdbb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CoreUIComponents.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A272000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: InputHost.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A445000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\MpOAV.pdbdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\MpOAV.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WinTypes.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A382000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: iphlpapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.0000000008629000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\InputHost.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: MMDevAPI.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009F84000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\twinapi.appcore.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\WindowManagementAPI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wrpcrt4.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.000000000526B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\wbemsvc.pdb\**m3r source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: FirewallAPI.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D37000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\fwpuclnt.pdb| source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\rasadhlp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\JSAMSIProvider32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\exe\getscreen-799952897-x86.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: secur32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009472000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: TextInputFramework.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A218000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\exe\getscreen-799952897-x86.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003088000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: netutils.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000984A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\rasadhlp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcp_win.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085E4000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WinTypes.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A382000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: WindowManagementAPI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A2CD000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: shlwapi.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000085EB000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleaut32.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.0000000008602000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wsspicli.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009839000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: MMDevAPI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009F84000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\propsys.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\Amsi.pdbA source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: FirewallAPI.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D37000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\DLL\dhcpcsvc.pdbp source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\JSAMSIProvider32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: powrprof.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000935B000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dnsapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009D9E000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: CoreUIComponents.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A272000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wwin32u.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005282000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\exe\getscreen-799952897-x86.pdbU source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003088000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: winhttp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.000000000958A000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Windows.Storage.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C10000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: sechost.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005266000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: devobj.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009FDF000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dhcpcsvc6.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A73D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\InputHost.pdbb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wbemprox.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A56D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\DLL\dhcpcsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: msvcrt.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005260000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: dhcpcsvc6.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A73D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: profapi.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C71000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\MpOAV.pdbb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\fastprox.pdb\*I.dl~ source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \user\Desktop\dll\wbemsvc.pdbs\ source: getscreen-799952897-x86.exe, 00000000.00000002.1920990574.000000000881C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\rasadhlp.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\DLL\dhcpcsvc6.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005248000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wmswsock.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A7F5000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\Windows.Storage.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\CoreMessaging.pdbbx source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.0000000003126000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\fastprox.pdbT source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\samlib.pdbcens4 source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: Kernel.Appcore.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009C77000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wUxTheme.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.0000000009AF8000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: cryptbase.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1924941258.0000000009844000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wkernelbase.pdb( source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005255000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\symbols\dll\wbemsvc.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: oleaut32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.0000000008602000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\InputHost.pdb* source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\wmswsock.pdb\* source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: comctl32.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.000000000860D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: wbemprox.pdb source: getscreen-799952897-x86.exe, 00000000.00000002.1927550647.000000000A56D000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: \??\C:\Users\user\Desktop\dll\samlib.pdbP* source: getscreen-799952897-x86.exe, 00000000.00000002.1917313238.00000000084AE000.00000004.00000020.00020000.00000000.sdmp |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1914974406.00000000063CB000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: {"token":"","uid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","turbo":"2342341740972258tHcdbwBFJVpavwsYDHgm","turbo_old":"","invite":"","brand":"","install":false,"admin":true,"isadmin":true,"onetime":true,"file_download":true,"name":"320946","nonadmin":true,"islock":false,"blackscreen_available":true,"hibernate":true,"power_supply":true,"silent":false,"confirm":false,"start_time":1740973392,"os":"win","rdp":false,"os_user":"user","os_username":"","build":327,"version":"3.2.12","hardware":"{\"CPU\":\"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\",\"CPUSpeed\":2000,\"CPUCores\":4,\"CPUCoresLogical\":1,\"CPUFamily\":\"Intel64 Family 6 Model 143 Stepping 8\",\"BIOS\":\"9YD9CE4UHG\",\"BIOSVersion\":\"20221121\",\"BIOSDate\":\"\",\"RAMPhys\":8191,\"RAMPhysAvail\":2077,\"RAMVirt\":2047,\"RAMVirtAvail\":1866,\"RAMPageFile\":8191,\"RAMBanks\":[{\"Bank\":\"RAM slot #0\",\"Locator\":\"RAM slot #0\",\"DataWidth\":64,\"Manufacturer\":\"VMware Virtual RAM\",\"PartNumber\":\"VMW-4096MB\",\"SerialNumber\":\"00000001\",\"Capacity\":40@ |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: $VMware Virtual RAM |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1914974406.00000000063CB000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: {"CPU":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","CPUSpeed":2000,"CPUCores":4,"CPUCoresLogical":1,"CPUFamily":"Intel64 Family 6 Model 143 Stepping 8","BIOS":"9YD9CE4UHG","BIOSVersion":"20221121","BIOSDate":"","RAMPhys":8191,"RAMPhysAvail":2077,"RAMVirt":2047,"RAMVirtAvail":1866,"RAMPageFile":8191,"RAMBanks":[{"Bank":"RAM slot #0","Locator":"RAM slot #0","DataWidth":64,"Manufacturer":"VMware Virtual RAM","PartNumber":"VMW-4096MB","SerialNumber":"00000001","Capacity":4096}],"VideoName":"CO86W23","VideoRAM":1024,"VideoCards":[{"Name":"CO86W23","RAM":1024,"Integrated":false}],"Locale":"0809","LocaleOemPage":"1252","LocaleCountry":"Switzerland","LocaleCurrency":"CHF","LocaleTimezone":60,"LocaleFormatTime":"HH:mm:ss","LocaleFormatDate":"dd\/MM\/yyyy","ComputerModel":"Hc3 GS9d","ComputerDomain":"tylnd","ComputerWorkgroup":"WORKGROUP","ComputerName":"user-PC","ComputerIP":["192.168.2.4","fe80::29b9:a951:1791:4eb3"],"OSName":"Microsoft Windows 10 Pro","OSVersion":"10.0.19045","HDD":[{"Model":"Z369DRGT SCSI Disk Device |
Source: getscreen-799952897-x86.exe, 00000002.00000002.1983516626.0000000003426000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWx |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1907037485.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.00000000013F2000.00000040.00000001.01000000.00000004.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1978893585.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp, getscreen-799952897-x86.exe, 00000004.00000002.1928499402.0000000001BD2000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: Hyper-V console (use port 2179, disable negotiation) |
Source: getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VMnet |
Source: getscreen-799952897-x86.exe, 00000004.00000002.1928499402.00000000017C1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: WebRTC-AllowMACBasedIPv6WebRTC-BindUsingInterfaceNameVMnetWebRTC-UseDifferentiatedCellularCostsWebRTC-AddNetworkCostToVpnNet[:id= |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1914974406.00000000063C0000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: RAM slot #0RAM slot #0@VMware Virtual RAMVMW-4096MB00000001 |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: {"token":"","uid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","turbo":"2342341740972258tHcdbwBFJVpavwsYDHgm","turbo_old":"","invite":"","brand":"","install":false,"admin":true,"isadmin":true,"onetime":true,"file_download":true,"name":"320946","nonadmin":true,"islock":false,"blackscreen_available":true,"hibernate":true,"power_supply":true,"silent":false,"confirm":false,"start_time":1740973392,"os":"win","rdp":false,"os_user":"user","os_username":"","build":327,"version":"3.2.12","hardware":"{\"CPU\":\"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\",\"CPUSpeed\":2000,\"CPUCores\":4,\"CPUCoresLogical\":1,\"CPUFamily\":\"Intel64 Family 6 Model 143 Stepping 8\",\"BIOS\":\"9YD9CE4UHG\",\"BIOSVersion\":\"20221121\",\"BIOSDate\":\"\",\"RAMPhys\":8191,\"RAMPhysAvail\":2077,\"RAMVirt\":2047,\"RAMVirtAvail\":1866,\"RAMPageFile\":8191,\"RAMBanks\":[{\"Bank\":\"RAM slot #0\",\"Locator\":\"RAM slot #0\",\"DataWidth\":64,\"Manufacturer\":\"VMware Virtual RAM\",\"PartNumber\":\"VMW-4096MB\",\"SerialNumber\":\"00000001\",\"Capacity\":4096}],\"VideoName\":\"CO86W23\",\"VideoRAM\":1024,\"VideoCards\":[{\"Name\":\"CO86W23\",\"RAM\":1024,\"Integrated\":false}],\"Locale\":\"0809\",\"LocaleOemPage\":\"1252\",\"LocaleCountry\":\"Switzerland\",\"LocaleCurrency\":\"CHF\",\"LocaleTimezone\":60,\"LocaleFormatTime\":\"HH:mm:ss\",\"LocaleFormatDate\":\"dd\\\/MM\\\/yyyy\",\"ComputerModel\":\"Hc3 GS9d\",\"ComputerDomain\":\"tylnd\",\"ComputerWorkgroup\":\"WORKGROUP\",\"ComputerName\":\"user-PC\",\"ComputerIP\":[\"192.168.2.4\",\"fe80::29b9:a951:1791:4eb3\"],\"OSName\":\"Microsoft Windows 10 Pro\",\"OSVersion\":\"10.0.19045\",\"HDD\":[{\"Model\":\"Z369DRGT SCSI Disk Device\",\"Size\":393199}],\"LogicalDisks\":[{\"Disk\":\"C:\",\"Name\":\"\",\"FileSystem\":\"NTFS\",\"Size\":213143,\"FreeSpace\":19035}],\"SoundDevices\":[],\"NetAdapters\":[{\"Name\":\"Intel(R) 82574L Gigabit Network Connection\",\"Manufacturer\":\"Intel Corporation\",\"MACAddress\":\"EC:F4:BB:EA:15:88\",\"Speed\":953,\"Addresses\":\"192.168.2.4, fe80::29b9:a951:1791:4eb3\",\"DNS\":\"1.1.1.1\",\"DCHP\":\"\",\"Cable\":true,\"WoL\":false}],\"Monitors\":[]}"} |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: $VMware Virtual RAMpiL |
Source: ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1739872358.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp | Binary or memory string: sWebRTC-AllowMACBasedIPv6WebRTC-BindUsingInterfaceNameVMnetWebRTC-UseDifferentiatedCellularCostsWebRTC-AddNetworkCostToVpnNet[:id= |
Source: getscreen-799952897-x86.exe, 00000002.00000003.1974569137.00000000034D4000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1978215297.00000000034D8000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1959219965.00000000034CD000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1984267881.00000000034D8000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000002.1984978864.00000000055D0000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000002.00000003.1941422082.00000000034CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2958415860.00000255B282B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2960392962.00000255B7E5A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1914974406.00000000063C0000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: VMware Virtual RAM |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1911383903.0000000005201000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: {"token":"","uid":"71434D56-1548-ED3D-AEE6-C75AECD93BF0","turbo":"2342341740972258tHcdbwBFJVpavwsYDHgm","turbo_old":"","invite":"","brand":"","install":false,"admin":true,"isadmin":true,"onetime":true,"file_download":true,"name":"320946","nonadmin":true,"islock":false,"blackscreen_available":true,"hibernate":true,"power_supply":true,"silent":false,"confirm":false,"start_time":1740973392,"os":"win","rdp":false,"os_user":"user","os_username":"","build":327,"version":"3.2.12","hardware":"{\"CPU\":\"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz\",\"CPUSpeed\":2000,\"CPUCores\":4,\"CPUCoresLogical\":1,\"CPUFamily\":\"Intel64 Family 6 Model 143 Stepping 8\",\"BIOS\":\"9YD9CE4UHG\",\"BIOSVersion\":\"20221121\",\"BIOSDate\":\"\",\"RAMPhys\":8191,\"RAMPhysAvail\":2077,\"RAMVirt\":2047,\"RAMVirtAvail\":1866,\"RAMPageFile\":8191,\"RAMBanks\":[{\"Bank\":\"RAM slot #0\",\"Locator\":\"RAM slot #0\",\"DataWidth\":64,\"Manufacturer\":\"VMware Virtual RAM\",\"PartNumber\":\"VMW-4096MB\",\"SerialNumber\":\"00000001\",\"Capacity\":4096}],\"VideoName\":\"CO86W23\",\"VideoRAM\":1024,\"VideoCards\":[{\"Name\":\"CO86W23\",\"RAM\":1024,\"Integrated\":false}],\"Locale\":\"0809\",\"LocaleOemPage\":\"1252\",\"LocaleCountry\":\"Switzerland\",\"LocaleCurrency\":\"CHF\",\"LocaleTimezone\":60,\"LocaleFormatTime\":\"HH:mm:ss\",\"LocaleFormatDate\":\"dd\\\/MM\\\/yyyy\",\"ComputerModel\":\"Hc3 GS9d\",\"ComputerDomain\":\"tylnd\",\"ComputerWorkgroup\":\"WORKGROUP\",\"ComputerName\":\"user-PC\",\"ComputerIP\":[\"192.168.2.4\",\"fe80::29b9:a951:1791:4eb3\"],\"OSName\":\"Microsoft Windows 10 Pro\",\"OSVersion\":\"10.0.19045\",\"HDD\":[{\"Model\":\"Z369DRGT SCSI Disk Device\",\"Size\":393199}],\"LogicalDisks\":[{\"Disk\":\"C:\",\"Name\":\"\",\"FileSystem\":\"NTFS\",\"Size\":213143,\"FreeSpace\":19035}],\"SoundDevices\":[],\"NetAdapters\":[{\"Name\":\"Intel(R) 82574L Gigabit Network Connection\",\"Manufacturer\":\"Intel Corporation\",\"MACAddress\":\"EC:F4:BB:EA:15:88\",\"Speed\":953,\"Addresses\":\"192.168.2.4, fe80::29b9:a951:1791:4eb3\",\"DNS\":\"1.1.1.1\",\"DCHP\":\"\",\"Cable\":true,\"WoL\":false}],\"Monitors\":[]}"}NNX-@] |
Source: getscreen-799952897-x86.exe, 00000000.00000002.1910127385.00000000030C6000.00000004.00000020.00020000.00000000.sdmp, ivtkpwzprvppfnmizjgmaphqjacyyxy-elevate.exe, 00000001.00000002.1742055711.00000000028A5000.00000004.00000020.00020000.00000000.sdmp, getscreen-799952897-x86.exe, 00000004.00000003.1926504894.0000000000946000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |