Windows Analysis Report
SmartPDFPro.msi

Overview

General Information

Sample name: SmartPDFPro.msi
Analysis ID: 1634189
MD5: 0378815d113388b4cdfbc1d20dfd46bf
SHA1: 36c1115ea4c52cafab0443bfb0e9eea7cd3640cc
SHA256: b49b2c8a7846fb18709f3d2df1062796f55bec9c7b9674b7bbdf2108d3aaa68e

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Creates multiple autostart registry keys
Tries to harvest and steal browser information (history, passwords, etc)
Adds / modifies Windows certificates
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry
Tries to disable installed Antivirus / HIPS / PFW
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 3012 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SmartPDFPro.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6776 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 4292 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 8C968C85912600B926D42177194A8B8F C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 1156 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 45E960FEC52E3EBC86A233C10428B081 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • onestart_installer.exe (PID: 7912 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "INSTALL" "15" "2" "1" "1" MD5: 81BE91E0A7278B8F73554259B2290ECD)
      • setup.exe (PID: 8048 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\ONESTART.PACKED.7Z" "INSTALL" "15" "2" "1" "1" MD5: 58AD915B20BEB605B2CBEA6543E9FB13)
        • setup.exe (PID: 8064 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310 MD5: 58AD915B20BEB605B2CBEA6543E9FB13)
        • setup.exe (PID: 6004 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0 MD5: 58AD915B20BEB605B2CBEA6543E9FB13)
          • setup.exe (PID: 5608 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310 MD5: 58AD915B20BEB605B2CBEA6543E9FB13)
        • onestart.exe (PID: 6600 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • onestart.exe (PID: 6020 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10 MD5: 7473ECF4A1CF4D271455034708DF09F1)
            • onestart.exe (PID: 1236 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x14c,0x150,0x154,0x124,0x158,0x7ff76de13840,0x7ff76de1384c,0x7ff76de13858 MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • onestart.exe (PID: 4548 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2116,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2 MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • onestart.exe (PID: 2948 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=1916,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:3 MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • onestart.exe (PID: 4800 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window MD5: 7473ECF4A1CF4D271455034708DF09F1)
            • onestart.exe (PID: 7608 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10 MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • onestart.exe (PID: 7612 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:8 MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • onestart.exe (PID: 5664 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • explorer.exe (PID: 4040 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
            • onestart.exe (PID: 6904 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window MD5: 7473ECF4A1CF4D271455034708DF09F1)
              • onestart.exe (PID: 7000 cmdline: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x104,0x108,0x10c,0x94,0x110,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10 MD5: 7473ECF4A1CF4D271455034708DF09F1)
            • onestart.exe (PID: 2752 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • onestart.exe (PID: 5744 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4119886736 --field-trial-handle=4108,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1 MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • onestart.exe (PID: 2644 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4121801537 --field-trial-handle=4100,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:1 MD5: 7473ECF4A1CF4D271455034708DF09F1)
          • dwm.exe (PID: 980 cmdline: "dwm.exe" MD5: 5C27608411832C5B39BA04E33D53536C)
          • onestart.exe (PID: 7756 cmdline: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4135163248 --field-trial-handle=5128,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:1 MD5: 7473ECF4A1CF4D271455034708DF09F1)
  • notification_helper.exe (PID: 1336 cmdline: "C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exe" -Embedding MD5: E39038A27BF9951CBB1C6B37752C9B81)
    • chrome.exe (PID: 1740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x1d0,0x1d4,0x1d8,0x1b0,0x1dc,0x7ff6edb2b8d8,0x7ff6edb2b8e4,0x7ff6edb2b8f0 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cmd.exe (PID: 1640 cmdline: "C:\Windows\SysWOW64\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 3936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe, ProcessId: 6600, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneStartChromium
Source: Process started, Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: "C:\Windows\SysWOW64\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", CommandLine: "C:\Windows\SysWOW64\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4040, ProcessCommandLine: "C:\Windows\SysWOW64\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\"", ProcessId: 1640, ProcessName: cmd.exe
No Suricata rule has matched

AV Detection

Source: http://ns.adobe.om/8j Avira URL Cloud: Label: malware
Source: SmartPDFPro.msi Virustotal: Detection: 25%
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_9bf2a3d4-c
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStart.ai OneStart
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File created: C:\Windows\SystemTemp\chromium_installer.log
Source: Binary string: user32.pdb source: onestart.exe, 0000001C.00000002.2565756870.00000A98000D8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mini_installer.exe.pdb source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: xe.pdb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: setup.exe.pdb source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: notification_helper.exe.pdb source: notification_helper.exe, 00000011.00000002.2436034942.00007FF6EDAE3000.00000002.00000001.01000000.00000009.sdmp, notification_helper.exe, 00000011.00000000.2431387892.00007FF6EDAE3000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: ntdll.pdb source: onestart.exe, 0000001C.00000002.2565756870.00000A98000D8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ll.pdb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 4?.pdbb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: onestart.exe, 0000001C.00000002.2565756870.00000A98000D8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 8?.pdb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mini_installer.exe.pdb@ source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: chrome.exe.pdb source: onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000023.00000000.2570673658.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000025.00000000.2589106633.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000027.00000002.2640454631.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000027.00000000.2619742202.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: .pdbb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\explorer.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\onestart-bin\132.0.6834.116
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\onestart-bin\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\onestart-bin
Source: Joe Sandbox View IP Address: 1.1.1.1
Source: Joe Sandbox View IP Address: 99.86.4.6
Source: Joe Sandbox View IP Address: 99.86.4.83
Source: explorer.exe, 00000022.00000000.2613898974.00000000093E1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000022.00000000.2613898974.0000000009418000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000022.00000000.2613898974.000000000944D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
Source: explorer.exe, 00000022.00000000.2615858584.000000000949A000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://crl.v
Source: explorer.exe, 00000022.00000000.2613898974.00000000093E1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000022.00000000.2613898974.0000000009418000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000022.00000000.2613898974.000000000944D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: explorer.exe, 00000022.00000000.2597315765.00000000042E7000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ns.adobe
Source: explorer.exe, 00000022.00000000.2597315765.00000000042E7000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ns.adobe.om/8j
Source: explorer.exe, 00000022.00000000.2613898974.00000000093E1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000022.00000000.2613898974.0000000009418000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000022.00000000.2613898974.000000000944D000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000022.00000000.2613898974.0000000009418000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crl
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsps.ssl.com0
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsps.ssl.com0?
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsps.ssl.com0P
Source: explorer.exe, 00000022.00000000.2609938524.00000000074E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000022.00000000.2610158048.0000000007540000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000022.00000000.2610108167.0000000007520000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: onestart.exe, 00000027.00000002.2633837603.000001B300010000.00000002.00000001.00040000.00000017.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: explorer.exe, 00000022.00000000.2633398979.000000000BF24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000022.00000000.2633398979.000000000BF24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000022.00000000.2633398979.000000000BF24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS)001
Source: explorer.exe, 00000022.00000000.2595761744.0000000002EF0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=A1668CA4549A443399161CE8D2237D12&timeOut=5000&oc
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 
0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://api2.onestart.ai/api/bb/updates.txt
Source: explorer.exe, 00000022.00000000.2613898974.00000000092E4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPfv
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPfv-dark
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPi8
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gPi8-dark
Source: notification_helper.exe, 00000011.00000000.2431387892.00007FF6EDAE3000.00000002.00000001.01000000.00000009.sdmp, notification_helper.exe, 00000011.00000003.2433806698.000003D0000E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
Source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 
00000023.00000000.2570673658.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000025.00000000.2589106633.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://crashpad.chromium.org/
Source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 
00000023.00000000.2570673658.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000025.00000000.2589106633.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 
00000023.00000000.2570673658.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000025.00000000.2589106633.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 
0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: onestart.exe, 00000023.00000003.2594948392.000064B40016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595204636.000064B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595915237.000064B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2596390437.000064B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2602827135.000012B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2604293696.000012B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2605658771.000012B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2600662268.000012B40016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drafts.csswg.org/css-page-3/#margin-text-alignment
Source: explorer.exe, 00000022.00000000.2615858584.0000000009650000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: onestart.exe, 00000023.00000003.2594948392.000064B40016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595204636.000064B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595915237.000064B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2596390437.000064B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2602827135.000012B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2604293696.000012B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2605658771.000012B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2600662268.000012B40016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fullscreen.spec.whatwg.org/#user-agent-level-style-sheet-defaults:
Source: onestart.exe, 00000023.00000003.2594948392.000064B40016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595204636.000064B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595915237.000064B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2596390437.000064B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2602827135.000012B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2604293696.000012B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2605658771.000012B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2600662268.000012B40016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/6939#issuecomment-1016679588
Source: onestart.exe, 00000023.00000003.2594948392.000064B40016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595204636.000064B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595915237.000064B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2596390437.000064B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2602827135.000012B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2604293696.000012B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2605658771.000012B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2600662268.000012B40016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/C/#the-details-and-summary-elements
Source: onestart.exe, 00000023.00000003.2594948392.000064B40016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595204636.000064B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595915237.000064B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2596390437.000064B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2602827135.000012B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2604293696.000012B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2605658771.000012B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2600662268.000012B40016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#bidi-rendering
Source: onestart.exe, 00000023.00000003.2594948392.000064B40016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595204636.000064B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595915237.000064B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2596390437.000064B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2602827135.000012B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2604293696.000012B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2605658771.000012B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2600662268.000012B40016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#flow-content-3
Source: onestart.exe, 00000023.00000003.2594948392.000064B40016C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595204636.000064B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2595915237.000064B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000023.00000003.2596390437.000064B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2602827135.000012B400140000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2604293696.000012B4002E4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2605658771.000012B4002F4000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2600662268.000012B40016C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1eBTmz.img
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hGNsX.img
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAT0qC2.img
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AATs0AB.img
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.img
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000002.2507119546.000070380007C000.00000004.00001000.00020000.00000000.sdmp, setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 
0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://log.onestart.ai
Source: onestart_installer.exe, 0000000E.00000002.2507119546.000070380007C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://log.onestart.ai/
Source: onestart_installer.exe, 0000000E.00000002.2507119546.000070380007C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://log.onestart.ai/p8
Source: onestart_installer.exe, 0000000E.00000002.2507119546.000070380007C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://log.onestart.aiContent-Type:
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 
0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://log.onestart.aihttps://api2.onestart.ai/api/bb/updates.txt&cdb=1&wversion=&bversion=https://
Source: onestart_installer.exe, 0000000E.00000002.2507119546.000070380007C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://log.onestart.aip8
Source: onestart.exe, 00000025.00000003.2630403188.000012B40088C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
Source: onestart.exe, 00000016.00000003.2611716290.00005E3C0147C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000016.00000003.2611284743.00005E3C01450000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000016.00000003.2611476002.00005E3C01410000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2610047747.000012B40039C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2609810180.000012B40082C000.00000004.00001000.00020000.00000000.sdmp, onestart.exe, 00000025.00000003.2609810180.000012B400804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/doodle
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 
0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: https://onestart.ai/chr/gcsett?iid=
Source: onestart_installer.exe, 0000000E.00000002.2507155532.0000703800080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/gcsett?iid=&bversion=132.0.6834.116&wversion=4.5.283.2&cdb=1
Source: onestart_installer.exe, 0000000E.00000002.2506730972.000070380006C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/gcsett?iid=&bversion=132.0.6834.116&wversion=4.5.283.2&cdb=1https://onestart
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://onestart.ai/chr/ri?
Source: onestart_installer.exe, 0000000E.00000002.2506730972.000070380006C000.00000004.00001000.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000002.2507155532.0000703800080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/ri?fhnid=ip&product=2&bversion=132.0.6834.116&wversion=4.5.283.2
Source: onestart_installer.exe, 0000000E.00000002.2507155532.0000703800080000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://onestart.ai/chr/ri?fhnid=ip&product=2&bversion=132.0.6834.116&wversion=4.5.283.2iid
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://onestart.ai/chr/ri?productbrowsertyphttps://onestart.ai/chr/ui?iid=
Source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://onestart.ai/chr/ui?iid=
Source: setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://onestart.ai/chr/uninstall?iid=
Source: explorer.exe, 00000022.00000000.2615858584.0000000009650000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://parade.com/61481/toriavey/where-did-hamburgers-originate
Source: onestart.exe, 00000025.00000003.2630403188.000012B40088C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
Source: explorer.exe, 00000022.00000000.2633398979.000000000BF24000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comEMn
Source: onestart.exe, 00000016.00000003.2603425912.00005E3C00718000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: onestart.exe, 00000016.00000003.2603425912.00005E3C00718000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000022.00000000.2633398979.000000000BEBB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/64b5823llc
Source: explorer.exe, 00000022.00000000.2615858584.0000000009650000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
Source: onestart.exe, 00000016.00000003.2603425912.00005E3C00718000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: onestart.exe, 00000025.00000003.2630403188.000012B40088C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/foodanddrink/foodnews/the-best-burger-place-in-phoenix-plus-see-the-rest-o
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/companies/kaiser-permanente-and-unions-for-75-000-striking-health-wo
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/money-matters-changing-institution-of-marriage/ar-AA
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/here-s-what-house-rules-say-about-trump-serving-as-speaker-o
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/how-donald-trump-helped-kari-lake-become-arizona-s-and-ameri
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/kevin-mccarthy-s-ouster-as-house-speaker-could-cost-gop-its-
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/trump-whines-to-cameras-in-ny-fraud-case-before-fleeing-to-f
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/a-federal-emergency-alert-will-be-sent-to-us-phones-nation
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch-
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/biden-administration-waives-26-federal-laws-to-allow-border-wall-c
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/a-second-war-could-easily-erupt-in-europe-while-everyone-s-dist
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/england-considers-raising-smoking-age-until-cigarettes-are-bann
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/nobel-prize-in-literature-to-be-announced-in-stockholm/ar-AA1hI
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-expresses-worry-about-congressional
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
Source: onestart_installer.exe, 0000000E.00000003.2132123083.000002128702C000.00000004.00000020.00020000.00000000.sdmp, onestart_installer.exe, 0000000E.00000003.2132074119.000002128702C000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2428869784.000001F5C2488000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 0000000F.00000003.2429088891.000001F5C2488000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ssl.com/repository0
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.stacker.com/arizona/phoenix
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.starsinsider.com/n/154870?utm_source=msn.com&utm_medium=display&utm_campaign=referral_de
Source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.surveymonkey.com/r/WTCWGRK
Source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.surveymonkey.com/r/WTCWGRKSetup.Install.ResultSetup.Install.PeakPagefileUsageSetup.Insta
Source: explorer.exe, 00000022.00000000.2604343887.0000000006E1D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.yelp.com
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3c9ff5.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA16C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA219.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA249.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{E26424D6-5AA5-419C-BBA9-6B1328F7A00B}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA2F6.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA325.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA3D2.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File created: C:\Windows\SystemTemp\chromium_installer.log
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\scoped_dir6600_1291918760
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_url_fetcher_6600_36349142
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_url_fetcher_6600_36349142\oimompecagnajdejgnnjijobebaeigek_4.10.2891.0_win64_acwxtxt2znguar3w2o252umtomsq.crx3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\_platform_specific\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\_platform_specific\win_x64\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\_platform_specific\win_x64\widevinecdm.dll.sig
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\LICENSE
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\manifest.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\_metadata\
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\_metadata\verified_contents.json
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\manifest.fingerprint
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIA16C.tmp
Source: onestart_installer.exe.part.3.dr Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: onestart_installer.exe.part.3.dr Static PE information: Resource name: BL type: Microsoft Cabinet archive data, Windows 2000/XP setup, 2222800 bytes, 1 file, at 0x2c "setup.exe", number 1, 155 datablocks, 0x1 compression
Source: setup.exe.14.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: setup.exe.14.dr Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: setup.exe.14.dr Static PE information: Number of sections : 14 > 10
Source: widevinecdm.dll.22.dr Static PE information: Number of sections : 11 > 10
Source: chrome.dll.15.dr Static PE information: Number of sections : 15 > 10
Source: classification engine Classification label: mal64.spyw.winMSI@56/246@0/23
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CMLA3AE.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3936:120:WilError_03
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupMutex_5379382546362475780
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\ChromeSetupExitEventMutex_5379382546362475780
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI8B25.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: CREATE TABLE x-;
Source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: SmartPDFPro.msiVirustotal: Detection: 25%
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SmartPDFPro.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8C968C85912600B926D42177194A8B8F C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 45E960FEC52E3EBC86A233C10428B081
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "INSTALL" "15" "2" "1" "1"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\ONESTART.PACKED.7Z" "INSTALL" "15" "2" "1" "1"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exe "C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exe" -Embedding
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x1d0,0x1d4,0x1d8,0x1b0,0x1dc,0x7ff6edb2b8d8,0x7ff6edb2b8e4,0x7ff6edb2b8f0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x14c,0x150,0x154,0x124,0x158,0x7ff76de13840,0x7ff76de1384c,0x7ff76de13858
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2116,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=1916,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:8
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" /c "rmdir /s /q "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\""
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4119886736 --field-trial-handle=4108,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4121801537 --field-trial-handle=4100,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:1
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --existing-window
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x104,0x108,0x10c,0x94,0x110,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --update
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4135163248 --field-trial-handle=5128,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8C968C85912600B926D42177194A8B8F C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 45E960FEC52E3EBC86A233C10428B081
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe" "INSTALL" "15" "2" "1" "1"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --install-archive="C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\ONESTART.PACKED.7Z" "INSTALL" "15" "2" "1" "1"
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --from-installer
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x1d0,0x1d4,0x1d8,0x1b0,0x1dc,0x7ff6edb2b8d8,0x7ff6edb2b8e4,0x7ff6edb2b8f0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknown
Source: C:\Windows\explorer.exeProcess created: unknown unknown
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.ui.immersive.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dsreg.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mdmregistration.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mdmregistration.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: omadmapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dmcmnutils.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: iri.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winsta.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mscms.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wpnapps.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rmclient.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: usermgrcli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: schannel.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wlanapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: atlthunk.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: directmanipulation.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: pdh.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netprofm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: npmproxy.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: perfos.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptowinrt.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptngc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: pcpksp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ngcksp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: tbs.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ncryptprov.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: comppkgsup.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: windows.media.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: netprofm.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: npmproxy.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}\InprocServer32
Source: OneStart.lnk.19.drLNK file: ..\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: OneStart.lnk0.19.drLNK file: ..\..\..\..\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: OneStart.lnk1.19.drLNK file: ..\..\..\..\..\Local\OneStart.ai\OneStart\Application\onestart.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneStart.ai OneStart
Source: SmartPDFPro.msiStatic file information: File size 2361856 > 1048576
Source: Binary string: user32.pdb source: onestart.exe, 0000001C.00000002.2565756870.00000A98000D8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mini_installer.exe.pdb source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: xe.pdb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: setup.exe.pdb source: setup.exe, 0000000F.00000002.2467968355.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 0000000F.00000000.2133985464.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000000.2135484114.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000010.00000002.2474414443.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000002.2445856377.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000013.00000000.2434589772.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000000.2436826175.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp, setup.exe, 00000014.00000002.2463329514.00007FF6EF89D000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: notification_helper.exe.pdb source: notification_helper.exe, 00000011.00000002.2436034942.00007FF6EDAE3000.00000002.00000001.01000000.00000009.sdmp, notification_helper.exe, 00000011.00000000.2431387892.00007FF6EDAE3000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: ntdll.pdb source: onestart.exe, 0000001C.00000002.2565756870.00000A98000D8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ll.pdb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 4?.pdbb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: win32u.pdb source: onestart.exe, 0000001C.00000002.2565756870.00000A98000D8000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 8?.pdb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: mini_installer.exe.pdb@ source: onestart_installer.exe, 0000000E.00000002.2521612389.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp, onestart_installer.exe, 0000000E.00000000.1939877406.00007FF6EC0DD000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: chrome.exe.pdb source: onestart.exe, 00000016.00000000.2448785301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000017.00000000.2462447745.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000019.00000000.2466306017.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001A.00000000.2492766579.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001B.00000000.2494074917.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000002.2568686301.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001C.00000000.2496601635.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000000.2505512399.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001D.00000002.2650439760.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 0000001E.00000000.2505713703.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000021.00000000.2563218326.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000023.00000000.2570673658.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000025.00000000.2589106633.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000027.00000002.2640454631.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp, onestart.exe, 00000027.00000000.2619742202.00007FF76DDA4000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: .pdbb source: onestart.exe, 0000001C.00000002.2564968443.00000A980004C000.00000004.00001000.00020000.00000000.sdmp
Source: MSI8B25.tmp.0.drStatic PE information: section name: .fptable
Source: MSI8BB2.tmp.0.drStatic PE information: section name: .fptable
Source: MSI8C21.tmp.0.drStatic PE information: section name: .fptable
Source: MSI8C51.tmp.0.drStatic PE information: section name: .fptable
Source: MSI8CA0.tmp.0.drStatic PE information: section name: .fptable
Source: MSI8CEF.tmp.0.drStatic PE information: section name: .fptable
Source: MSI8D3E.tmp.0.drStatic PE information: section name: .fptable
Source: MSI8D7E.tmp.0.drStatic PE information: section name: .fptable
Source: MSICCB1.tmp.0.drStatic PE information: section name: .fptable
Source: MSICD7D.tmp.0.drStatic PE information: section name: .fptable
Source: MSIA16C.tmp.1.drStatic PE information: section name: .fptable
Source: MSIA219.tmp.1.drStatic PE information: section name: .fptable
Source: MSIA249.tmp.1.drStatic PE information: section name: .fptable
Source: MSIA325.tmp.1.drStatic PE information: section name: .fptable
Source: MSIA3D2.tmp.1.drStatic PE information: section name: .fptable
Source: onestart_installer.exe.part.3.drStatic PE information: section name: .gxfg
Source: onestart_installer.exe.part.3.drStatic PE information: section name: .retplne
Source: onestart_installer.exe.part.3.drStatic PE information: section name: _RDATA
Source: setup.exe.14.drStatic PE information: section name: .gxfg
Source: setup.exe.14.drStatic PE information: section name: .retplne
Source: setup.exe.14.drStatic PE information: section name: .rodata
Source: setup.exe.14.drStatic PE information: section name: CPADinfo
Source: setup.exe.14.drStatic PE information: section name: LZMADEC
Source: setup.exe.14.drStatic PE information: section name: _RDATA
Source: setup.exe.14.drStatic PE information: section name: malloc_h
Source: chrome.dll.15.drStatic PE information: section name: .gxfg
Source: chrome.dll.15.drStatic PE information: section name: .retplne
Source: chrome.dll.15.drStatic PE information: section name: .rodata
Source: chrome.dll.15.drStatic PE information: section name: CPADinfo
Source: chrome.dll.15.drStatic PE information: section name: LZMADEC
Source: chrome.dll.15.drStatic PE information: section name: _RDATA
Source: chrome.dll.15.drStatic PE information: section name: malloc_h
Source: chrome.dll.15.drStatic PE information: section name: prot
Source: widevinecdm.dll.22.drStatic PE information: section name: .gxfg
Source: widevinecdm.dll.22.drStatic PE information: section name: .retplne
Source: widevinecdm.dll.22.drStatic PE information: section name: .rodata
Source: widevinecdm.dll.22.drStatic PE information: section name: _RDATA
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8CA0.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8C51.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA219.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA249.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8C21.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exeFile created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8CEF.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8D7E.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile created: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe.part
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8B25.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA16C.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA325.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\132.0.6834.116\Installer\setup.exe (copy)
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8BB2.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSICCB1.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\onestart-bin\132.0.6834.116\chrome.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSICD7D.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA3D2.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8D3E.tmp
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\onestart_installer.exe (copy)
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile created: C:\Windows\SystemTemp\chromium_installer.log

Boot Survival

Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartChromium
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartUpdate
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run OneStartAutoLaunch_B93C234E6FF5ED8FE92790CD2583B8A0
Source: C:\Windows\System32\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A Blob
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8CA0.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA219.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8C51.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA249.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8C21.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8CEF.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeDropped PE file which has not been started: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\_platform_specific\win_x64\widevinecdm.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8D7E.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA16C.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8B25.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA325.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8BB2.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICCB1.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\onestart-bin\132.0.6834.116\chrome.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSICD7D.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA3D2.tmp
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8D3E.tmp
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Windows\SystemTemp\scoped_dir6600_1291918760 FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\blob_storage\a5364ecb-d960-46ff-bb33-f5402a7befed FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeFile Volume queried: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\onestart-bin\132.0.6834.116
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\onestart-bin\NULL
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Temp\source8048_713822238\onestart-bin
Source: onestart_installer.exe, 0000000E.00000002.2502705524.0000021286FE9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%%~
Source: explorer.exe, 00000022.00000000.2615858584.000000000958A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000022.00000000.2613898974.00000000092E4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\input.inf_loc
Source: onestart.exe, 0000001C.00000002.2570053526.00007FFA14461000.00000020.00000001.01000000.0000000D.sdmpBinary or memory string: uVMcI
Source: explorer.exe, 00000022.00000000.2604343887.0000000006EE9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTWiVMWare
Source: explorer.exe, 00000022.00000000.2613898974.00000000092A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AV Generation Countersc%;Microsoft Hyper-V Generation Counter
Source: explorer.exe, 00000022.00000000.2595761744.0000000002F3A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM00000001VMW-4096MBRAM slot #0RAM slot #0
Source: explorer.exe, 00000022.00000000.2613898974.00000000093E1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000022.00000000.2613898974.0000000009433000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000022.00000000.2615858584.0000000009650000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@^
Source: explorer.exe, 00000022.00000000.2615858584.0000000009650000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 0d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@
Source: onestart_installer.exe, 0000000E.00000003.2100945617.000002128701D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllK
Source: explorer.exe, 00000022.00000000.2595761744.0000000002F3A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA IIES1371
Source: explorer.exe, 00000022.00000000.2595761744.0000000002F3A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
Source: explorer.exe, 00000022.00000000.2615858584.0000000009552000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000022.00000000.2615858584.000000000958A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00}g
Source: explorer.exe, 00000022.00000000.2595761744.0000000002F3A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
Source: explorer.exe, 00000022.00000000.2587262641.0000000000875000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000022.00000000.2615858584.000000000958A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000022.00000000.2613898974.00000000092E4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: onestart.exe, 0000001B.00000003.2505415726.000001CCF4DA5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllXX
Source: explorer.exe, 00000022.00000000.2595761744.0000000002EF0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310
Source: C:\Program Files\Google\Chrome\Application\134.0.6998.36\notification_helper.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x1d0,0x1d4,0x1d8,0x1b0,0x1dc,0x7ff6edb2b8d8,0x7ff6edb2b8e4,0x7ff6edb2b8f0
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2116,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=1916,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4119886736 --field-trial-handle=4108,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4121801537 --field-trial-handle=4100,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4135163248 --field-trial-handle=5128,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x14c,0x150,0x154,0x124,0x158,0x7ff76de13840,0x7ff76de1384c,0x7ff76de13858
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=OneStart --annotation=ver=132.0.6834.116 --initial-client-data=0x104,0x108,0x10c,0x94,0x110,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeFile opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "c:\users\user\appdata\local\onestart.ai\onestart installer\cr_861d9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x14c,0x150,0x154,0x124,0x158,0x7ff76de13840,0x7ff76de1384c,0x7ff76de13858
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=uaaaaaaaaadgaaaeaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaaaaaaaaaaaaacaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=2116,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=1916,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4119886736 --field-trial-handle=4108,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4121801537 --field-trial-handle=4100,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x104,0x108,0x10c,0x94,0x110,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4135163248 --field-trial-handle=5128,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "c:\users\user\appdata\local\onestart.ai\onestart installer\cr_861d9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310Jump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe "c:\users\user\appdata\local\onestart.ai\onestart installer\cr_861d9.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7ff6ef91e2f8,0x7ff6ef91e304,0x7ff6ef91e310Jump to behavior
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=gpu-process --string-annotations --start-stack-profiler --gpu-preferences=uaaaaaaaaadgaaaeaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaaaaaaaaaaaaacaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=2116,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --string-annotations --start-stack-profiler --field-trial-handle=1916,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:3
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:8
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4119886736 --field-trial-handle=4108,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4121801537 --field-trial-handle=4100,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe "c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1741632187510444 --launch-time-ticks=4135163248 --field-trial-handle=5128,i,15873087772196512968,16410540828184782454,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:1
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x14c,0x150,0x154,0x124,0x158,0x7ff76de13840,0x7ff76de1384c,0x7ff76de13858
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Process created: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe c:\users\user\appdata\local\onestart.ai\onestart\application\onestart.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\onestart.ai\onestart\user data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\onestart.ai\onestart\user data\crashpad" --annotation=plat=win64 --annotation=prod=onestart --annotation=ver=132.0.6834.116 --initial-client-data=0x104,0x108,0x10c,0x94,0x110,0x7ffa2010dcf8,0x7ffa2010dd04,0x7ffa2010dd10
Source: explorer.exe, 00000022.00000000.2589140069.0000000000EB1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager
Source: explorer.exe, 00000022.00000000.2589140069.0000000000EB1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000022.00000000.2615858584.0000000009552000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000022.00000000.2601465995.00000000043B0000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000022.00000000.2589140069.0000000000EB1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000022.00000000.2587262641.0000000000875000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Progman
Source: explorer.exe, 00000022.00000000.2589140069.0000000000EB1000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
Source: C:\Windows\System32\msiexec.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart Installer\CR_861D9.tmp\setup.exe; Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\master_preferences VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Preferences VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\132.0.6834.116\PrivacySandboxAttestationsPreloaded\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\132.0.6834.116\MEIPreload\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\132.0.6834.116\PrivacySandboxAttestationsPreloaded\privacy-sandbox-attestations.dat VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\132.0.6834.116\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6600_1820370757\manifest.json VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; Queries volume information: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Windows\System32\msiexec.exe; Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A Blob

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\OneStart.ai\OneStart\Application\onestart.exe; File opened: C:\Users\user\AppData\Local\OneStart.ai\OneStart\User Data\Default\History
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 31 Masquerading | 1 OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Modify Registry | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 11 Registry Run Keys / Startup Folder | 2 Disable or Modify Tools | Security Account Manager | 11 Peripheral Device Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 12 Process Injection | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Behavior Graph (image not reproduced). ID: 1634189; Sample: SmartPDFPro.msi; Start date: 10/03/2025; Architecture: WINDOWS; Score: 64

This section contains all screenshots as thumbnails, including those not shown in the slideshow.