Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2. source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb$I` source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wkernel32.pdb source: dialer.exe, 00000005.00000003.1934515258.0000000004CD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934457085.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wkernelbase.pdb source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdb source: dialer.exe, 00000005.00000003.1933919289.0000000004DA0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1933537331.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdbUGP source: dialer.exe, 00000005.00000003.1934155632.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934298926.0000000004D50000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdbUGP source: dialer.exe, 00000005.00000003.1933919289.0000000004DA0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1933537331.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdb source: dialer.exe, 00000005.00000003.1934155632.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934298926.0000000004D50000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: win32u.pdb source: wmplayer.exe, wmplayer.exe, 00000010.00000003.2232497816.0000020343550000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000003.2232660082.0000020343580000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wkernel32.pdbUGP source: dialer.exe, 00000005.00000003.1934515258.0000000004CD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934457085.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wkernelbase.pdbUGP source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: win32u.pdbGCTL source: wmplayer.exe, 00000010.00000003.2232497816.0000020343550000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000003.2232660082.0000020343580000.00000004.00000001.00020000.00000000.sdmp |
Source: unknown |
TCP traffic detected without corresponding DNS query: 104.46.162.224 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 94.156.67.91 |
Source: dialer.exe, 00000005.00000002.1994131096.000000000259C000.00000004.00000010.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1998374665.0000000004F50000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1996018655.0000000004B28000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 0000000F.00000003.2319739898.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256043552.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146388100.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321330995.000001F0D737C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321549596.000001F0D7426000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2265610834.000001F0D73C9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321675274.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2080480545.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147044132.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079654830.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081757953.000001F0D745A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146780180.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081590039.000001F0D743B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075439224.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256879858.000001F0D73C9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 
0000000F.00000003.2075836836.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n |
Source: OpenWith.exe, 0000000F.00000003.2319739898.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256043552.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146388100.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321675274.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2080480545.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147044132.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079654830.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081757953.000001F0D745A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146780180.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081590039.000001F0D743B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075439224.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075836836.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2077245236.000001F0D7444000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2116540453.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2108797615.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2077757038.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075206262.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147260095.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 
0000000F.00000003.2078142726.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079158440.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n: |
Source: dialer.exe, 00000005.00000002.1998374665.0000000004F50000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1996018655.0000000004B28000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0nkernelbasentdllkernel32GetProcessMitigati |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://aui-cdn.atlassian.com/ |
Source: nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/ |
Source: nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/0 |
Source: nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitbucket.org/exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAA |
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.cookielaw.org/ |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://d136azpfpnge1l.cloudfront.net/; |
Source: nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://d301sr5gafysq2.cloudfront.net/ |
Source: OpenWith.exe, 0000000F.00000003.2080999215.000001F0D7613000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com |
Source: OpenWith.exe, 0000000F.00000003.2080999215.000001F0D7613000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discordapp.com |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net |
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net |
Source: OpenWith.exe, 0000000F.00000003.2078142726.000001F0D73A6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: OpenWith.exe, 0000000F.00000003.2076605269.000001F0D7644000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: OpenWith.exe, 0000000F.00000003.2077419633.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5a |
Source: OpenWith.exe, 0000000F.00000003.2078142726.000001F0D73A6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2076758664.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: OpenWith.exe, 0000000F.00000003.2076758664.000001F0D7394000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17A66 |
Source: OpenWith.exe, 0000000F.00000003.2076605269.000001F0D7644000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: OpenWith.exe, 0000000F.00000002.2321311463.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2230586542.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081434576.000001F0D7371000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2265431962.000001F0D7371000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2107281075.000001F0D7374000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2109142807.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2116414121.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256683034.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17N-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP |
Source: OpenWith.exe, 0000000F.00000003.2076758664.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6 |
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website |
Source: nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website~e |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_000001F0D55130C7 RtlAllocateHeap,RtlAllocateHeap,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlDeleteBoundaryDescriptor,RtlDeleteBoundaryDescriptor, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E575A540 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E575A600 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E575B154 NtAcceptConnectPort,NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E575B088 NtAcceptConnectPort,NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E575A2B0 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E57592CC NtAcceptConnectPort,DuplicateHandle,NtAcceptConnectPort,??3@YAXPEAX@Z,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5758C90 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5759CA0 _calloc_dbg,NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5758C08 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5759F40 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5758D74 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5758D94 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5759AF4 _malloc_dbg,NtAcceptConnectPort,NtAcceptConnectPort,??3@YAXPEAX@Z, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5758AFC NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5758A40 NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_2_000001F0D53B1A90 NtAcceptConnectPort,NtAcceptConnectPort,RtlAddVectoredExceptionHandler, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_2_000001F0D53B0AC8 NtAcceptConnectPort,NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_2_000001F0D53B15AC NtAcceptConnectPort, |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_2_000001F0D53B1CD0 RtlAllocateHeap,NtAcceptConnectPort,FindCloseChangeNotification, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_3_00007DF445C31CE8 _calloc_dbg,CreateProcessW,NtResumeThread,FindCloseChangeNotification,??3@YAXPEAX@Z, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_3_00007DF445C31958 _calloc_dbg,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_0000020343292508 NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432923F4 NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_0000020343292C40 NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432929B0 NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432928C4 NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_000002034329296C NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_0000020343292894 NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_0000020343292868 NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_0000020343292794 NtAcceptConnectPort, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00007DF445C52704 NtQuerySystemInformation,_malloc_dbg,NtQuerySystemInformation, |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5A385C NtQuerySystemInformation, |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B5578 |
16_2_00000203432B5578 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432BCBBC |
16_2_00000203432BCBBC |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432C63FC |
16_2_00000203432C63FC |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B0440 |
16_2_00000203432B0440 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_0000020343295AAC |
16_2_0000020343295AAC |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_000002034329E368 |
16_2_000002034329E368 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B4A18 |
16_2_00000203432B4A18 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432C3A15 |
16_2_00000203432C3A15 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B3A00 |
16_2_00000203432B3A00 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_0000020343297240 |
16_2_0000020343297240 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432C0238 |
16_2_00000203432C0238 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B58E0 |
16_2_00000203432B58E0 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432BF908 |
16_2_00000203432BF908 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432BE94C |
16_2_00000203432BE94C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432A0144 |
16_2_00000203432A0144 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432BF198 |
16_2_00000203432BF198 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_000002034329CFE0 |
16_2_000002034329CFE0 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432AD81C |
16_2_00000203432AD81C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432BA7E4 |
16_2_00000203432BA7E4 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432A705C |
16_2_00000203432A705C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432C083C |
16_2_00000203432C083C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B4898 |
16_2_00000203432B4898 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_000002034329C720 |
16_2_000002034329C720 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_0000020343296EF4 |
16_2_0000020343296EF4 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B3F38 |
16_2_00000203432B3F38 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B4DB0 |
16_2_00000203432B4DB0 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_000002034329F5E8 |
16_2_000002034329F5E8 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432A764C |
16_2_00000203432A764C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432B5E90 |
16_2_00000203432B5E90 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_000002034329BE88 |
16_2_000002034329BE88 |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432A3E6C |
16_2_00000203432A3E6C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00000203432A867C |
16_2_00000203432A867C |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Code function: 16_2_00007DF445C422CC |
16_2_00007DF445C422CC |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5B8EB8 |
17_2_000001D3CF5B8EB8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5BF76C |
17_2_000001D3CF5BF76C |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5C25B4 |
17_2_000001D3CF5C25B4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5AC5D4 |
17_2_000001D3CF5AC5D4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5CC668 |
17_2_000001D3CF5CC668 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5C4660 |
17_2_000001D3CF5C4660 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5BAE10 |
17_2_000001D3CF5BAE10 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5D1E08 |
17_2_000001D3CF5D1E08 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5AD604 |
17_2_000001D3CF5AD604 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5A8DF4 |
17_2_000001D3CF5A8DF4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5CC500 |
17_2_000001D3CF5CC500 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5BA4F8 |
17_2_000001D3CF5BA4F8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5B9D30 |
17_2_000001D3CF5B9D30 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5BE51C |
17_2_000001D3CF5BE51C |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5B53C8 |
17_2_000001D3CF5B53C8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5A737C |
17_2_000001D3CF5A737C |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5ABC68 |
17_2_000001D3CF5ABC68 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5B92D4 |
17_2_000001D3CF5B92D4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5C2AA0 |
17_2_000001D3CF5C2AA0 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5C3B40 |
17_2_000001D3CF5C3B40 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5B8980 |
17_2_000001D3CF5B8980 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5B9998 |
17_2_000001D3CF5B9998 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5C2254 |
17_2_000001D3CF5C2254 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5C3210 |
17_2_000001D3CF5C3210 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5C4144 |
17_2_000001D3CF5C4144 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5ABFE4 |
17_2_000001D3CF5ABFE4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5B27A4 |
17_2_000001D3CF5B27A4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5BA860 |
17_2_000001D3CF5BA860 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5B9818 |
17_2_000001D3CF5B9818 |
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0 |
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: OpenWith.exe, 0000000F.00000003.2075945157.000001F0D7651000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2076104361.000001F0D7651000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2076270773.000001F0D7610000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: unknown |
Process created: C:\Users\user\Desktop\nF54KOU30R.exe "C:\Users\user\Desktop\nF54KOU30R.exe" |
|
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process created: C:\Windows\SysWOW64\dialer.exe "C:\Windows\system32\dialer.exe" |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 516 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 552 |
|
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1864 |
|
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1980 |
|
Source: C:\Windows\SysWOW64\dialer.exe |
Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe" |
|
Source: C:\Windows\System32\OpenWith.exe |
Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe" |
|
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" |
|
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: schannel.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: mskeyprotect.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: ntasn1.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: dpapi.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: gpapi.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: ncrypt.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Section loaded: certmgr.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: tapi32.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: version.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: windows.storage.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wldp.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: mpr.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: powrprof.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: umpdc.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\dialer.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netapi32.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netutils.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dpapi.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wkscli.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cscapi.dll |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Section loaded: cryptbase.dll |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Section loaded: mswsock.dll |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: dhcpcsvc.dll |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2. source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb$I` source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wkernel32.pdb source: dialer.exe, 00000005.00000003.1934515258.0000000004CD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934457085.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: wkernelbase.pdb source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdb source: dialer.exe, 00000005.00000003.1933919289.0000000004DA0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1933537331.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdbUGP source: dialer.exe, 00000005.00000003.1934155632.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934298926.0000000004D50000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdbUGP source: dialer.exe, 00000005.00000003.1933919289.0000000004DA0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1933537331.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdb source: dialer.exe, 00000005.00000003.1934155632.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934298926.0000000004D50000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: win32u.pdb source: wmplayer.exe, wmplayer.exe, 00000010.00000003.2232497816.0000020343550000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000003.2232660082.0000020343580000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wkernel32.pdbUGP source: dialer.exe, 00000005.00000003.1934515258.0000000004CD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934457085.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: wkernelbase.pdbUGP source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp |
Source: |
Binary string: win32u.pdbGCTL source: wmplayer.exe, 00000010.00000003.2232497816.0000020343550000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000003.2232660082.0000020343580000.00000004.00000001.00020000.00000000.sdmp |
Source: 15.3.OpenWith.exe.1f0d742aad0.19.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.19.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.14.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.14.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.24.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.24.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.2.OpenWith.exe.1f0d7609d60.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.2.OpenWith.exe.1f0d7609d60.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.11.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.11.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.20.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.20.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.27.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.27.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d7609d60.30.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d7609d60.30.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.1.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.10.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.10.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.5.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.5.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: 15.3.OpenWith.exe.1f0d742aad0.6.raw.unpack, Runtime.cs |
.Net Code: CoreMain System.Reflection.Assembly.Load(byte[]) |
Source: 15.3.OpenWith.exe.1f0d742aad0.6.raw.unpack, Runtime.cs |
.Net Code: CoreMain |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Code function: 0_3_03D6FF22 push edi; iretd |
0_3_03D6FF2D |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Code function: 0_3_03D68964 push ebx; retf |
0_3_03D68965 |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Code function: 0_3_03D6750E push ds; iretd |
0_3_03D67517 |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Code function: 0_3_03D694E9 push cs; retf |
0_3_03D69565 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D3E4E push edi; iretd |
5_3_025D3E55 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D5CD2 push dword ptr [edx+ebp+3Bh]; retf |
5_3_025D5CDF |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D3B74 pushad ; retf |
5_3_025D3B83 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D4305 push F693B671h; retf |
5_3_025D430A |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D0FCE push eax; retf |
5_3_025D0FCF |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D4FC8 push es; ret |
5_3_025D4FC9 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D45FC push esi; ret |
5_3_025D4600 |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D21EF push ecx; iretd |
5_3_025D21FB |
Source: C:\Windows\SysWOW64\dialer.exe |
Code function: 5_3_025D21AF pushad ; ret |
5_3_025D21B7 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5749D1E push esi; retf 000Ah |
15_3_00007DF4E5749D1F |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 15_3_00007DF4E5744CA0 push edx; ret |
15_3_00007DF4E5744CAB |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5A0DDD push edx; iretd |
17_2_000001D3CF5A0DDE |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5A0314 push ecx; iretd |
17_2_000001D3CF5A0316 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_000001D3CF5A0922 push es; ret |
17_2_000001D3CF5A0925 |
Source: C:\Users\user\Desktop\nF54KOU30R.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\dialer.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\dialer.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Program Files\Windows Media Player\wmplayer.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\dllhost.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: wmplayer.exe, 00000010.00000002.2882270249.00000203433F7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWpMAC |
Source: dialer.exe, 00000005.00000002.1994333377.0000000002978000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWx |
Source: OpenWith.exe, 0000000F.00000003.2079140690.000001F0D7399000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink |
Source: OpenWith.exe, 0000000F.00000003.2079140690.000001F0D7399000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink |
Source: dialer.exe, 00000005.00000002.1994333377.0000000002978000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWP |
Source: OpenWith.exe, 0000000F.00000003.2042892302.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMCIDevSymbolf |
Source: wmplayer.exe, 00000010.00000002.2882270249.00000203433F7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAWQ |
Source: dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: DisableGuestVmNetworkConnectivity |
Source: nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW O |
Source: nF54KOU30R.exe, 00000000.00000003.1916214760.0000000001000000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000001000000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1994333377.0000000002978000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000002.2882270249.00000203433F7000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000011.00000002.2881521633.000001D3CF5FB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW |
Source: OpenWith.exe, 0000000F.00000003.2075439224.000001F0D7372000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLinkY |
Source: dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: EnableGuestVmNetworkConnectivity |
Source: OpenWith.exe, 0000000F.00000003.2116414121.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_die |
Source: OpenWith.exe, 0000000F.00000003.2079637788.000001F0D7399000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %AppData%\Qtum-Electrum\config |
Source: OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %AppData%\ElectronCash\config |
Source: OpenWith.exe, 0000000F.00000003.2077419633.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %AppData%\com.liberty.jaxx |
Source: OpenWith.exe, 0000000F.00000003.2081933128.000001F0D7444000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: C:\Users\user\AppData\Local\Exodus\exodus.wallet |
Source: OpenWith.exe, 0000000F.00000003.2081434576.000001F0D7371000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: passphrase.json |
Source: OpenWith.exe, 0000000F.00000003.2107739996.000001F0D7435000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: !%LOCALAPPDATA%\Ethereum\keystore\ |
Source: OpenWith.exe, 0000000F.00000003.2107739996.000001F0D7435000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: Ethereum |
Source: OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: %AppData%\Coinomi\Coinomi\wallets |
Source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtab |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnails |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm |