Source: C:\Windows\SysWOW64\msiexec.exe | File opened: z: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: x: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: v: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: t: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: r: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: p: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: n: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: l: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: j: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: h: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: f: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: b: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: y: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: w: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: u: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: s: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: q: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: o: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: m: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: k: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: i: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: g: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: e: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: c: |
Source: C:\Windows\SysWOW64\msiexec.exe | File opened: a: |
Source: msiexec.exe, 00000009.00000003.261916278.0000000007E54000.00000004.00000001.sdmp, Star4Live_P2P.msi.2.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: svchost.exe, 00000008.00000002.502139929.0000029037C0F000.00000004.00000001.sdmp | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0 |
Source: msiexec.exe, 00000003.00000002.390037940.0000000005560000.00000004.00000001.sdmp | String found in binary or memory: http://csc3-2010-crl.verisign.c |
Source: svchost.exe, 00000008.00000002.502139929.0000029037C0F000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digicert.com0: |
Source: svchost.exe, 00000008.00000002.502139929.0000029037C0F000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.msocsp.com0 |
Source: msiexec.exe, 00000009.00000003.261916278.0000000007E54000.00000004.00000001.sdmp, Star4Live_P2P.msi.2.dr | String found in binary or memory: http://ocsp.thawte.com0 |
Source: svchost.exe, 00000008.00000002.501957880.0000029037B50000.00000002.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. |
Source: msiexec.exe, 00000009.00000003.261916278.0000000007E54000.00000004.00000001.sdmp, Star4Live_P2P.msi.2.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: msiexec.exe, 00000009.00000003.261916278.0000000007E54000.00000004.00000001.sdmp, Star4Live_P2P.msi.2.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: msiexec.exe, 00000009.00000003.261916278.0000000007E54000.00000004.00000001.sdmp, Star4Live_P2P.msi.2.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: svchost.exe, 00000010.00000002.309337088.000002AC12013000.00000004.00000001.sdmp | String found in binary or memory: http://www.bingmapsportal.com |
Source: msiexec.exe, 00000009.00000003.261916278.0000000007E54000.00000004.00000001.sdmp, Star4Live_P2P.msi.2.dr | String found in binary or memory: http://www.flexerasoftware.com0 |
Source: Setup.exe | String found in binary or memory: http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d |
Source: Setup.exe, msiexec.exe, 00000009.00000003.370808698.000000000336E000.00000004.00000001.sdmp | String found in binary or memory: http://www.star4live.com |
Source: msiexec.exe, 00000009.00000003.259756510.0000000003335000.00000004.00000001.sdmp | String found in binary or memory: http://www.star4live.com: |
Source: msiexec.exe, 00000009.00000003.259987657.000000000332C000.00000004.00000001.sdmp | String found in binary or memory: http://www.star4live.come |
Source: Setup.exe, 00000002.00000003.219207709.00000000007DC000.00000004.00000001.sdmp | String found in binary or memory: http://www.star4live.comyw |
Source: svchost.exe, 0000000D.00000002.493725245.000002809F244000.00000004.00000001.sdmp | String found in binary or memory: https://%s.dnet.xboxlive.com |
Source: svchost.exe, 0000000D.00000002.493725245.000002809F244000.00000004.00000001.sdmp | String found in binary or memory: https://%s.xboxlive.com |
Source: svchost.exe, 0000000D.00000002.493725245.000002809F244000.00000004.00000001.sdmp | String found in binary or memory: https://activity.windows.com |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net |
Source: svchost.exe, 0000000D.00000002.493725245.000002809F244000.00000004.00000001.sdmp | String found in binary or memory: https://bn2.notify.windows.com/v2/register/xplatform/device |
Source: svchost.exe, 0000000D.00000002.493725245.000002809F244000.00000004.00000001.sdmp | String found in binary or memory: https://co4-df.notify.windows.com/v2/register/xplatform/device |
Source: svchost.exe, 00000010.00000003.308983808.000002AC1205A000.00000004.00000001.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/ |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations |
Source: svchost.exe, 00000010.00000002.309367137.000002AC1203D000.00000004.00000001.sdmp | String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/ |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx |
Source: svchost.exe, 00000010.00000003.308952020.000002AC12048000.00000004.00000001.sdmp | String found in binary or memory: https://dev.ditu.live.com/mapcontrol/mapconfiguration.ashx?name=native&v= |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations |
Source: svchost.exe, 00000010.00000002.309367137.000002AC1203D000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/ |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking |
Source: svchost.exe, 00000010.00000002.309374536.000002AC12042000.00000004.00000001.sdmp, svchost.exe, 00000010.00000003.309069811.000002AC12040000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/ |
Source: svchost.exe, 00000010.00000002.309374536.000002AC12042000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/mapcontrol/HumanScaleServices/GetBubbles.ashx?n= |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx |
Source: svchost.exe, 00000010.00000002.309395052.000002AC1205C000.00000004.00000001.sdmp, svchost.exe, 00000010.00000003.309069811.000002AC12040000.00000004.00000001.sdmp | String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log? |
Source: svchost.exe, 00000010.00000003.308983808.000002AC1205A000.00000004.00000001.sdmp | String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r= |
Source: svchost.exe, 00000010.00000002.309395052.000002AC1205C000.00000004.00000001.sdmp | String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r= |
Source: svchost.exe, 00000010.00000002.309395052.000002AC1205C000.00000004.00000001.sdmp | String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r= |
Source: svchost.exe, 00000010.00000003.308952020.000002AC12048000.00000004.00000001.sdmp, svchost.exe, 00000010.00000002.309374536.000002AC12042000.00000004.00000001.sdmp | String found in binary or memory: https://dynamic.t |
Source: svchost.exe, 00000010.00000003.308944817.000002AC1205F000.00000004.00000001.sdmp | String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx |
Source: svchost.exe, 00000010.00000002.309367137.000002AC1203D000.00000004.00000001.sdmp | String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/ |
Source: svchost.exe, 00000010.00000003.287172571.000002AC12032000.00000004.00000001.sdmp | String found in binary or memory: https://ecn.dev.virtualearth.net/mapcontrol/mapconfiguration.ashx?name=native&v= |
Source: svchost.exe, 00000010.00000002.309367137.000002AC1203D000.00000004.00000001.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx |
Source: svchost.exe, 00000010.00000002.309337088.000002AC12013000.00000004.00000001.sdmp, svchost.exe, 00000010.00000002.309367137.000002AC1203D000.00000004.00000001.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r= |
Source: svchost.exe, 00000010.00000003.309059603.000002AC12045000.00000004.00000001.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r= |
Source: svchost.exe, 00000010.00000003.309059603.000002AC12045000.00000004.00000001.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r= |
Source: svchost.exe, 00000010.00000003.287172571.000002AC12032000.00000004.00000001.sdmp | String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r= |
Source: svchost.exe, 00000010.00000002.309360074.000002AC1203B000.00000004.00000001.sdmp | String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen |
Source: svchost.exe, 00000010.00000003.308952020.000002AC12048000.00000004.00000001.sdmp | String found in binary or memory: https://t0.tiles.ditu.live.com/tiles/gen |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0042C46B |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0049BDC0 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0048C43E |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0046C67B |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_004606CF |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0048874C |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0049C7EC |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0046CB50 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00478C6D |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0046CF24 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00499140 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0046D330 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0046D750 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00479A8E |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00475D76 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00479D09 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_00475F74 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0047A00E |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0048E7C3 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_004967A0 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0047ABE4 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_3_007711A1 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_3_0077132F |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0227D700 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_3_00771645 |
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 00466D2B appears 52 times |
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 0047854F appears 37 times |
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 00467539 appears 70 times |
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 00401850 appears 153 times |
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 00467503 appears 54 times |
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 00409071 appears 109 times |
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 004674D0 appears 538 times |
Source: C:\Users\user\Desktop\Setup.exe | Code function: String function: 0046A4AC appears 60 times |
Source: Setup.exe, 00000002.00000002.440216351.0000000003AB0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Setup.exe |
Source: Setup.exe, 00000002.00000002.440985276.0000000004B90000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamempr.dll.muij% vs Setup.exe |
Source: Setup.exe, 00000002.00000002.440961544.0000000004B60000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs Setup.exe |
Source: Setup.exe, 00000002.00000002.440961544.0000000004B60000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Setup.exe |
Source: Setup.exe, 00000002.00000002.440704372.0000000004A60000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs Setup.exe |
Source: Setup.exe, 00000002.00000002.440618070.0000000004790000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameWindows.Storage.dll.MUIj% vs Setup.exe |
Source: Setup.exe, 00000002.00000002.440490177.0000000004560000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameSHELL32.DLL.MUIj% vs Setup.exe |
Source: Setup.exe, 00000004.00000002.477185718.0000000004480000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameuser32j% vs Setup.exe |
Source: Setup.exe, 00000004.00000002.477081557.0000000004420000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameSHELL32.DLL.MUIj% vs Setup.exe |
Source: Setup.exe, 00000004.00000002.476893767.0000000003BC0000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs Setup.exe |
Source: Setup.exe, 00000004.00000002.476893767.0000000003BC0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Setup.exe |
Source: Setup.exe, 00000004.00000002.476711345.0000000003AB0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Setup.exe |
Source: Setup.exe, 00000004.00000002.477336968.0000000004670000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamempr.dll.muij% vs Setup.exe |
Source: Setup.exe, 00000004.00000002.477479643.0000000004A70000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs Setup.exe |
Source: Setup.exe, 00000004.00000002.477315032.0000000004660000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameWindows.Storage.dll.MUIj% vs Setup.exe |
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:5904:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3236:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:6968:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1636:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \BaseNamedObjects\Local\SM0:7112:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4660:120:WilError_01 |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: debuglog |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: runfromtemp |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: reboot |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: %s%s |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: tempdisk1folder |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: ISSetup.dll |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: ISSetup.dll |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: Skin |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: Startup |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: setup.isn |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: count |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: Languages |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: key%d |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: Languages |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: %s\0x%04x.ini |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: %s\0x%04x.ini |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: %s\%04x.mst |
Source: C:\Users\user\Desktop\Setup.exe | Command line argument: %s\%04x.mst |
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "CloudHttpServer.exe") |
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "CloudHttpWindowPopup.exe") |
Source: unknown | Process created: C:\Users\user\Desktop\Setup.exe 'C:\Users\user\Desktop\Setup.exe' -install |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p |
Source: unknown | Process created: C:\Users\user\Desktop\Setup.exe 'C:\Users\user\Desktop\Setup.exe' /install |
Source: unknown | Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i 'C:\Users\user\AppData\Local\Downloaded Installations\{877F9BE8-C6E2-462D-9A96-09E42390D002}\Star4Live_P2P.msi' SETUPEXEDIR='C:\Users\user\Desktop' SETUPEXENAME='Setup.exe' |
Source: unknown | Process created: C:\Users\user\Desktop\Setup.exe 'C:\Users\user\Desktop\Setup.exe' /load |
Source: unknown | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 9E242D63C6C5D5E231BB9EB11245C520 C |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS |
Source: unknown | Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i 'Star4Live_P2P.msi' SETUPEXEDIR='C:\Users\user\Desktop' SETUPEXENAME='Setup.exe' |
Source: unknown | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 473428559025B542E3E2396586915966 C |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService |
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc |
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup |
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p |
Source: unknown | Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe |
Source: unknown | Process created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc |
Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p |
Source: unknown | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D1843EBFEE2228D346DEF5F3B9D57C7D |
Source: unknown | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe |
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM CloudHttpServer.exe |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM CloudHttpServer.exe |
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM CloudHttpWindowPopup.exe |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM CloudHttpWindowPopup.exe |
Source: unknown | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpServer.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpServer.exe |
Source: unknown | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: unknown | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe |
Source: unknown | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\Setup.exe | Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i 'C:\Users\user\AppData\Local\Downloaded Installations\{877F9BE8-C6E2-462D-9A96-09E42390D002}\Star4Live_P2P.msi' SETUPEXEDIR='C:\Users\user\Desktop' SETUPEXENAME='Setup.exe' |
Source: C:\Users\user\Desktop\Setup.exe | Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i 'Star4Live_P2P.msi' SETUPEXEDIR='C:\Users\user\Desktop' SETUPEXENAME='Setup.exe' |
Source: C:\Users\user\Desktop\Setup.exe | Process created: unknown unknown |
Source: C:\Windows\System32\svchost.exe | Process created: unknown unknown |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM CloudHttpServer.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM CloudHttpWindowPopup.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpServer.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpServer.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWindowPopup.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: unknown unknown |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: unknown unknown |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: unknown unknown |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM CloudHttpServer.exe |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM CloudHttpWindowPopup.exe |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: Next > |
Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: Install |
Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: Install |
Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Automated click: OK |
Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: Next > |
Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: Install |
Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: Install |
Source: C:\Windows\SysWOW64\msiexec.exe | Automated click: OK |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_004481BD push 590001EBh; ret |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0046A4F1 push ecx; ret |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_3_0076DB2A push E8006209h; ret |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0074CE74 pushfd ; iretd |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0074CF50 push esp; iretd |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_00754244 push edx; retf |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0074CE34 pushad ; iretd |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0074D734 push 680074C3h; ret |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0074D720 pushfd ; iretd |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_00750DF3 push F00074C3h; retf |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0074D8FB pushad ; iretd |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0075AFD8 push eax; iretd |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0074E6CB pushad ; retf |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_007551BD push eax; retn 0074h |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 2_2_0076DB2A push E8006209h; ret |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 4_2_020D9671 push FFFFFFFFh; iretd |
Source: C:\Users\user\Desktop\Setup.exe | Code function: 0_2_0045D179 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Setup.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpServer.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed |
Source: C:\Users\user\Desktop\Setup.exe | File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation |
Source: C:\Windows\SysWOW64\msiexec.exe | File Volume queried: C:\ FullSizeInformation |
Source: svchost.exe, 00000008.00000002.502292527.0000029037C62000.00000004.00000001.sdmp | Binary or memory string: "@Hyper-V RAW |
Source: svchost.exe, 00000001.00000002.212378572.0000011F65540000.00000002.00000001.sdmp, Setup.exe, 00000002.00000002.440216351.0000000003AB0000.00000002.00000001.sdmp, msiexec.exe, 00000003.00000002.390645671.0000000008180000.00000002.00000001.sdmp, Setup.exe, 00000004.00000002.476711345.0000000003AB0000.00000002.00000001.sdmp, msiexec.exe, 00000009.00000002.432713310.0000000005DE0000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.285220007.0000012B46D40000.00000002.00000001.sdmp, svchost.exe, 0000000D.00000002.501388499.000002809FF40000.00000002.00000001.sdmp, svchost.exe, 00000013.00000002.301516817.0000026241340000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: svchost.exe, 00000008.00000002.502250961.0000029037C4A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW |
Source: svchost.exe, 0000000C.00000002.493000570.000002A06F802000.00000004.00000001.sdmp | Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService |
Source: svchost.exe, 00000001.00000002.212378572.0000011F65540000.00000002.00000001.sdmp, Setup.exe, 00000002.00000002.440216351.0000000003AB0000.00000002.00000001.sdmp, msiexec.exe, 00000003.00000002.390645671.0000000008180000.00000002.00000001.sdmp, Setup.exe, 00000004.00000002.476711345.0000000003AB0000.00000002.00000001.sdmp, msiexec.exe, 00000009.00000002.432713310.0000000005DE0000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.285220007.0000012B46D40000.00000002.00000001.sdmp, svchost.exe, 0000000D.00000002.501388499.000002809FF40000.00000002.00000001.sdmp, svchost.exe, 00000013.00000002.301516817.0000026241340000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: svchost.exe, 00000001.00000002.212378572.0000011F65540000.00000002.00000001.sdmp, Setup.exe, 00000002.00000002.440216351.0000000003AB0000.00000002.00000001.sdmp, msiexec.exe, 00000003.00000002.390645671.0000000008180000.00000002.00000001.sdmp, Setup.exe, 00000004.00000002.476711345.0000000003AB0000.00000002.00000001.sdmp, msiexec.exe, 00000009.00000002.432713310.0000000005DE0000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.285220007.0000012B46D40000.00000002.00000001.sdmp, svchost.exe, 0000000D.00000002.501388499.000002809FF40000.00000002.00000001.sdmp, svchost.exe, 00000013.00000002.301516817.0000026241340000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: CloudHttpWindowPopup.exe, 00000021.00000002.337979422.0000000000817000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll= |
Source: svchost.exe, 0000000C.00000002.493232316.000002A06F829000.00000004.00000001.sdmp, svchost.exe, 0000000D.00000002.493725245.000002809F244000.00000004.00000001.sdmp, svchost.exe, 0000000F.00000002.494136581.0000021B63829000.00000004.00000001.sdmp, CloudHttpWindowPopup.exe, 00000026.00000002.352077851.0000000000DD8000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: svchost.exe, 00000001.00000002.212378572.0000011F65540000.00000002.00000001.sdmp, Setup.exe, 00000002.00000002.440216351.0000000003AB0000.00000002.00000001.sdmp, msiexec.exe, 00000003.00000002.390645671.0000000008180000.00000002.00000001.sdmp, Setup.exe, 00000004.00000002.476711345.0000000003AB0000.00000002.00000001.sdmp, msiexec.exe, 00000009.00000002.432713310.0000000005DE0000.00000002.00000001.sdmp, svchost.exe, 0000000B.00000002.285220007.0000012B46D40000.00000002.00000001.sdmp, svchost.exe, 0000000D.00000002.501388499.000002809FF40000.00000002.00000001.sdmp, svchost.exe, 00000013.00000002.301516817.0000026241340000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM CloudHttpServer.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM CloudHttpWindowPopup.exe |
Source: C:\Program Files (x86)\Star4Live\Star4Live_P2P\CloudHttpWin32Server.exe | Process created: unknown unknown |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM CloudHttpServer.exe |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM CloudHttpWindowPopup.exe |
Source: svchost.exe, 0000000E.00000002.493198482.0000025780000000.00000002.00000001.sdmp | Binary or memory string: Program Manager |
Source: Setup.exe, svchost.exe, 0000000E.00000002.493198482.0000025780000000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: svchost.exe, 0000000E.00000002.493198482.0000025780000000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: Setup.exe | Binary or memory string: AShell_TrayWndTahoma0x0409NoSuppressRebootKeyDotNetOptionalInstallIfSilentDotNetOptionalSETUPEXENAMESETUPEXEDIRCertKeyCacheFolderCacheRootLocationTypeSuppressWrongOSSuppressReboot |
Source: svchost.exe, 0000000E.00000002.493198482.0000025780000000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |
Source: Setup.exe | Binary or memory string: AShell_TrayWnd |
Source: C:\Users\user\Desktop\Setup.exe | Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: GetLocaleInfoA, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\Desktop\Setup.exe | Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW, |
Source: C:\Windows\SysWOW64\msiexec.exe | Queries volume information: C:\ VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation |
Source: C:\Windows\System32\svchost.exe | Queries volume information: C:\ VolumeInformation |