Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Users\user\AppData\Local\Temp\chrome.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\Uninstall.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE |
|
Source: C:\Windows\svchost.com |
System file written: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe |
|
Source: C:\Users\user\Desktop\F.exe |
System file written: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe |
|
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not Found |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 02 Jul 2024 04:51:23 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-h6h2GTXVoNqcKn8WTpvzTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1642X-GUploader-UploadID: ACJd0NqU4FYcxiiXDjGMJzLQJaDvq7BpoOuNldwUMM6frWlpQrbTz676Tb4JJwdF83wtqWaRJ5YServer: UploadServerSet-Cookie: NID=515=IbPQbmkO8S1c__kDzWy2niX9im8MAVnJ0ifr197baqmYgMBHx1Gdq7YI3NNXycd3ge8Qf-Mkbwlt27bx5bRdhUEvWlqwVraURIaL3FIv8h2ePtmkvqEjd_HFpPJYvCrj-dzSXhJdnl_4WxISiCzdyaSwhb0j4OcPgFDXebu_nlw; expires=Wed, 01-Jan-2025 04:51:23 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 02 Jul 2024 04:51:24 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-JGh5ZFeigZoyePwda9d-Sg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1642X-GUploader-UploadID: ACJd0NoLCQuFTHxzixSymh4FWFC4x7z1FNMxw8JsUy91o2gN6O-whJC79yHNdGRSUWuH6s1E32wServer: UploadServerSet-Cookie: NID=515=A3_DWj-uYlS8SG5SSf4h2bgber-DsAFUfVFi3FxDtVi6jdEuIU6gVf6qK91beLGBvOf1aDV0Nep13pF86ny2gczGzT-3nbHCtLKC8cn0g8_K7gZDcqKMbM307ceTmcEP8JCdf4BXdMiJYzViINyBdRPd8CGRJRG-5NAuxhs9Z5M; expires=Wed, 01-Jan-2025 04:51:24 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 02 Jul 2024 04:51:25 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-txAM4vljkJyEOkerxJU83g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originContent-Length: 1642X-GUploader-UploadID: ACJd0NoIVJD2eFQPpsPLn5BXSyvuiRddYNe_07ekdyBCjEpO79bvO9OvT_0IRPjpa7ovx8qt0tYServer: UploadServerSet-Cookie: NID=515=o4szNmhRxdEOpFNobS4rMMbmu-3EivKfgD6Q5al0DAW64LhUikGaJlMI-cBm7mLNXwkxPvbBZ-Ia6dvia8iuaYEoPaezX_sHVk5jDetH_LWMtVG34SM7KNzlV54GIajonBPBWzetB_m_DRq14rcIWPdoZKfiq8MFkIXaYmOJRGs; expires=Wed, 01-Jan-2025 04:51:25 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 02 Jul 2024 04:51:26 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ncqU9Si3T-i0tD_uYa4hWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1642X-GUploader-UploadID: ACJd0NqZbGTKI7NPl2CG9mv_MEl7yd0TmKVw7-JxVwt-58cOfdrB8aPEl4KQO_fZGmhR1vfcLkhdyEURVQServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 02 Jul 2024 04:51:27 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-a-T4zE9cKFjSGMXrX7JDPQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originContent-Length: 1642X-GUploader-UploadID: ACJd0NpUVMUdbztLVSQ7m7mrEIGog5Ar7xWuxOu_QMsj78GavUeu5GUoAfZcGUVoehwoKYHtbHbePRjRKAServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Tue, 02 Jul 2024 04:51:28 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-fR-ApMskgTBFLtSq6sCb_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originContent-Length: 1642X-GUploader-UploadID: ACJd0NqeN6Q4cT-zvrdPVy3snhenb7Dna7q2HehB5y46bz5vBA7IdDxbsvaaX34U1T-NfeyoWxIServer: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close |
Source: integrator.exe.0.dr |
String found in binary or memory: http://127.0.0.1:13556/InsiderSlabBehaviorReportedBuildInsiderSlabBehaviorInsiderSlabBehaviorReporte |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: powershell.exe, 00000018.00000002.2852792660.000000000774F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.micros |
Source: powershell.exe, 00000015.00000002.2829712033.0000000007B14000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2865908533.0000000008121000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl.microsoft |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: armsvc.exe.0.dr |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= |
Source: Synaptics.exe.2.dr |
String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 |
Source: Synaptics.exe, 00000004.00000002.2505106985.000000000070A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978T |
Source: Synaptics.exe, 00000004.00000002.2505106985.000000000070A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978w |
Source: Synaptics.exe, 00000004.00000002.2505106985.00000000006CA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978y)_ |
Source: ._cache_F.exe, 00000003.00000002.3299291942.0000000002B72000.00000004.00000800.00020000.00000000.sdmp, ._cache_F.exe, 00000003.00000002.3299291942.0000000002B59000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://ip-api.com |
Source: F.exe, Synaptics.exe.2.dr |
String found in binary or memory: http://ip-api.com/line/?fields=hosting |
Source: F.exe, 00000000.00000002.2697075823.0000000000190000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: powershell.exe, 00000008.00000002.2281858184.00000000055BD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2802481932.0000000006529000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2823008513.0000000006039000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2834693917.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://nuget.org/NuGet.exe |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: powershell.exe, 0000001B.00000002.2765152080.0000000004EF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://pesterbdd.com/images/Pester.png |
Source: powershell.exe, 00000008.00000002.2264524529.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2752155516.0000000005616000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2757579122.0000000005126000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2765152080.0000000004EF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/ |
Source: ._cache_F.exe, 00000003.00000002.3299291942.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp, ._cache_F.exe, 00000003.00000002.3299291942.0000000002B59000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2264524529.0000000004551000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2752155516.00000000054CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2757579122.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2765152080.0000000004DA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: powershell.exe, 00000008.00000002.2264524529.00000000046A7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2752155516.0000000005616000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2757579122.0000000005126000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2765152080.0000000004EF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/wsdl/ |
Source: powershell.exe, 0000001B.00000002.2765152080.0000000004EF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
Source: Aut2exe.exe.0.dr |
String found in binary or memory: http://www.autoitscript.com/autoit3/ |
Source: armsvc.exe.0.dr, GoogleCrashHandler64.exe.0.dr |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: F.exe, Synaptics.exe.2.dr |
String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$ |
Source: F.exe, 00000002.00000003.2064449004.00000000021A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl |
Source: Synaptics.exe.2.dr |
String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll |
Source: Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6 |
Source: Synaptics.exe.2.dr |
String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini |
Source: Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ |
Source: Synaptics.exe.2.dr |
String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar |
Source: Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ |
Source: powershell.exe, 00000008.00000002.2264524529.0000000004551000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2752155516.00000000054CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2757579122.0000000004FD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2765152080.0000000004DA1000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://aka.ms/pscore6lBcq |
Source: powershell.exe, 0000001B.00000002.2834693917.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/ |
Source: powershell.exe, 0000001B.00000002.2834693917.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/Icon |
Source: powershell.exe, 0000001B.00000002.2834693917.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://contoso.com/License |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.000000000070A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/ |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/T.xlsx |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/UDTUBZFW.xlsx |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/elleme |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/etleniyor... |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/fons |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/google.com/APT |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/rver |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/ta |
Source: Synaptics.exe, 00000004.00000002.2525129927.00000000053CE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2539347979.000000000D86E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2535191044.000000000AF2E000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0; |
Source: Synaptics.exe, 00000004.00000002.2537824769.000000000CD2E000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXG |
Source: Synaptics.exe.2.dr |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download |
Source: Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN |
Source: F.exe, 00000002.00000003.2064449004.00000000021A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlot |
Source: F.exe, 00000002.00000003.2064449004.00000000021A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo |
Source: Synaptics.exe.2.dr |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFE |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFM |
Source: Synaptics.exe, 00000004.00000002.2549645289.000000000DF8B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000724000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG1-0 |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG3 |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG3N |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGRXZ |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGU |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG~ |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH |
Source: Synaptics.exe, 00000004.00000002.2530140781.00000000074D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHO |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI6v |
Source: Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIC |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIT |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIlW |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.000000000747C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJd0N8 |
Source: Synaptics.exe, 00000004.00000002.2549645289.000000000DF8B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK1N |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKy |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.0000000007514000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL |
Source: Synaptics.exe, 00000004.00000002.2530140781.00000000074D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLN |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLU |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000747C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2549645289.000000000DF35000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadMFkIXaYmOJRGsm |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNA? |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNo |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000724000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOx |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2556341223.00000000101EE000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP0 |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP1Y |
Source: Synaptics.exe, 00000004.00000002.2530140781.00000000074D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPL |
Source: Synaptics.exe, 00000004.00000002.2540164357.000000000DD8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPW |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2549645289.000000000DF35000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQU |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.000000000747C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR |
Source: Synaptics.exe, 00000004.00000002.2549645289.000000000DF8B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000724000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS |
Source: Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSA |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS~ |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.0000000007514000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUserR |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV |
Source: Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVB |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVL |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVv |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2549645289.000000000DF8B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000724000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.000000000070A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX-V |
Source: Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXA |
Source: Synaptics.exe, 00000004.00000002.2530140781.00000000074D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXN |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2549645289.000000000DF35000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ$ |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2549645289.000000000DF8B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.000000000747C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_ |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_.( |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000747C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2549645289.000000000DF35000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.000000000070A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadalifoy |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb |
Source: Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbB |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbv |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007514000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007514000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce$ |
Source: Synaptics.exe, 00000004.00000002.2540164357.000000000DD8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce- |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelle |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcher |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000724000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadct |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcuri |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcyu |
Source: Synaptics.exe, 00000004.00000002.2540164357.000000000DD8E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd |
Source: Synaptics.exe, 00000004.00000002.2530140781.00000000074D1000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddN |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2549645289.000000000DF35000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.com |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007514000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade8 |
Source: Synaptics.exe, 00000004.00000002.2547909817.000000000DEEE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeC |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeTw |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeV |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadectin |
Source: Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadef. |
Source: Synaptics.exe, 00000004.00000002.2530140781.000000000755A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadek |
Source: Synaptics.exe, 00000004.00000002.2540164357.000000000DD8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadel |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe |
Source: Synaptics.exe, 00000004.00000002.2540164357.000000000DD8E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000740000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden |
Source: Synaptics.exe, 00000004.00000002.2540164357.000000000DD8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadena |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenet |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007585000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyoa |
Source: Synaptics.exe, 00000004.00000002.2530140781.0000000007514000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader |
Source: Synaptics.exe, 00000004.00000002.2540164357.000000000DD8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadere |
Source: Synaptics.exe, 00000004.00000002.2540164357.000000000DD8E000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetle |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005590000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfPr |
Source: F.exe, 00000002.00000003.2064449004.00000000021A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX |
Source: F.exe, 00000002.00000003.2064449004.00000000021A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO |
Source: vbaProject.bin |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download |
Source: Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN |
Source: Synaptics.exe, 00000004.00000002.2547909817.000000000DE98000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2549645289.000000000DF8B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.000000000070A000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/ |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/7 |
Source: Synaptics.exe, 00000004.00000002.2545756503.000000000DDDD000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/Y |
Source: Synaptics.exe, 00000004.00000002.2525281255.0000000005580000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000004.00000002.2505106985.0000000000724000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download |
Source: Synaptics.exe, 00000004.00000002.2529101852.00000000073F8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/4 |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4 |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF |
Source: Synaptics.exe, 00000004.00000002.2529101852.00000000073F8000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadOx |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV |
Source: Synaptics.exe, 00000004.00000002.2529101852.0000000007409000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg |
Source: Synaptics.exe, 00000004.00000002.2525281255.000000000551D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu |
Source: Synaptics.exe, 00000004.00000002.2547909817.000000000DE98000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://drive.usercontent.google.com/z |
Source: powershell.exe, 0000001B.00000002.2765152080.0000000004EF6000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://github.com/Pester/Pester |
Source: msedge_pwa_launcher.exe.0.dr, identity_helper.exe.0.dr |
String found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ff |
Source: msedge_pwa_launcher.exe.0.dr, identity_helper.exe.0.dr |
String found in binary or memory: https://github.com/pq-crystals/kyber/commit/28413dfbf523fdde181246451c2bd77199c0f7ffDilithium2Dilith |
Source: powershell.exe, 00000015.00000002.2752155516.0000000005CAA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2752155516.0000000005E1A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://go.micro |
Source: integrator.exe.0.dr |
String found in binary or memory: https://nexus.officeapps.live.comhttps://nexusrules.officeapps.live.com |
Source: powershell.exe, 00000008.00000002.2281858184.00000000055BD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2802481932.0000000006529000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000018.00000002.2823008513.0000000006039000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2834693917.0000000005E0A000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: https://nuget.org/nuget.exe |
Source: integrator.exe.0.dr |
String found in binary or memory: https://otelrules.azureedge.net/rules/.bundlesdxhelper.exeFailed |
Source: F.exe, 00000002.00000003.2064449004.00000000021A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl= |
Source: Synaptics.exe.2.dr |
String found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1 |
Source: Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1: |
Source: F.exe, 00000002.00000003.2064449004.00000000021A0000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl |
Source: Synaptics.exe.2.dr |
String found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 |
Source: Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16 |
Source: vbaProject.bin |
String found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1 |
Source: Synaptics.exe, 00000004.00000002.2511829684.0000000002130000.00000004.00001000.00020000.00000000.sdmp |
String found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1: |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\F.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: version.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: netapi32.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: twext.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: slc.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: policymanager.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: msvcp110_win.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: ntshrui.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: windows.fileexplorer.common.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: cscapi.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: shacct.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: idstore.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: samlib.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: twinapi.appcore.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: wlidprov.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: samcli.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: provsvc.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: starttiledata.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: acppage.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: sfc.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: msi.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: aepic.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: sfc_os.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: twext.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: ntshrui.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: starttiledata.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: acppage.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: sfc.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: msi.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: aepic.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Section loaded: sfc_os.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: mscoree.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: rsaenh.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: wbemcomn.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: rasapi32.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: rtutils.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: mswsock.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: winhttp.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: dhcpcsvc6.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: dnsapi.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: winnsi.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: rasadhlp.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: sxs.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: scrrun.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: linkinfo.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: ntshrui.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: cscapi.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: avicap32.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: msvfw32.dll |
Source: C:\Users\user\Desktop\._cache_F.exe |
Section loaded: winmm.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: apphelp.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: version.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: wininet.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: wsock32.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: netapi32.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: windows.storage.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: wldp.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: kernel.appcore.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: textshaping.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: profapi.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: propsys.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: ntmarta.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: iertutil.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: ondemandconnroutehelper.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: winhttp.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: iphlpapi.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: mswsock.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: winnsi.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: urlmon.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: srvcli.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: netutils.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: dnsapi.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: fwpuclnt.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: rasadhlp.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: schannel.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: napinsp.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: pnrpnsp.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: wshbth.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: nlaapi.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: winrnr.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: mskeyprotect.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: ntasn1.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: msasn1.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: dpapi.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: rsaenh.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: gpapi.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: ncrypt.dll |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: ncryptsslp.dll |
Source: C:\Windows\svchost.com |
Section loaded: apphelp.dll |
|
Source: C:\Windows\svchost.com |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appresolver.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: slc.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sppc.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: linkinfo.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ntshrui.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cscapi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: version.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: wininet.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: wsock32.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: netapi32.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: uxtheme.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: windows.storage.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: wldp.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Section loaded: textshaping.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appresolver.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: slc.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sppc.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: propsys.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: linkinfo.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: profapi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ntshrui.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: sspicli.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: srvcli.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cscapi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: policymanager.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msvcp110_win.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ntmarta.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: version.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: vcruntime140_clr0400.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: ucrtbase_clr0400.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptsp.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: rsaenh.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: cryptbase.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msasn1.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: amsi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: userenv.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: msisip.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wshext.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appxsip.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: opcservices.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: gpapi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: secur32.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: urlmon.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: iertutil.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: netutils.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wininet.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: microsoft.management.infrastructure.native.unmanaged.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: miutils.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wmidcom.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: dpapi.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wbemcomn.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: atl.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: mscoree.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: windows.storage.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: appresolver.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: bcp47langs.dll |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Section loaded: slc.dll |
|
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
File created: C:\ProgramData\Synaptics\Synaptics.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Windows\svchost.com |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
File created: C:\Users\user\Documents\BJZFPPWAPT\~$cache1 |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
File created: C:\Users\user\AppData\Local\Temp\RCXAE3F.tmp |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
File created: C:\Users\user\AppData\Local\Temp\cyXtjfIL.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
File created: C:\Users\user\Desktop\._cache_F.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Users\user\AppData\Local\Temp\chrome.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\Uninstall.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
File created: C:\ProgramData\Synaptics\RCXAC4B.tmp |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE |
Source: C:\Windows\svchost.com |
File created: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe |
Source: C:\Users\user\Desktop\._cache_F.exe |
File created: C:\ProgramData\XClient.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe |
Source: C:\Users\user\Desktop\F.exe |
File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe |
Source: C:\Users\user\Desktop\F.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\3582-490\F.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\._cache_F.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Windows\svchost.com |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\svchost.com |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\svchost.com |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\svchost.com |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaws.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\DATABASECOMPARE.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\identity_helper.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\PerfBoost.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\MSOHTMED.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLED.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCopyAccelerator.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaw.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\lync99.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\FLTLDR.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\aimgr.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SELFCERT.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\cookie_exporter.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\filecompare.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SCANPST.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\xlicons.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\ConfigSecurityPolicy.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSREC.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateBroker.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\accicons.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate64.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\lyncicon.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\IEContentService.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateSetup.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\notification_click_helper.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_proxy.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\pwahelper.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\officeappguardwin32.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\wordicon.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\SPREADSHEETCOMPARE.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javacpl.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RCXAE3F.tmp |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe |
Source: C:\ProgramData\Synaptics\Synaptics.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\cyXtjfIL.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Check.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pj11icon.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ACCICONS.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOICONS.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\misc.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\AppSharingHookController64.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\java.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\visicon.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeComRegisterShellARM64.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\joticon.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CLVIEW.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHTMED.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_749031\javaws.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\XLICONS.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\chrome.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\ai.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedgewebview2.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateOnDemand.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpDlpCmd.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection64.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pptico.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Client\AppVDllSurrogate32.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\outicon.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\jp2launcher.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\dbcicons.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\MSQRY32.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe |
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-0000-0000000FF1CE}\misc.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ORGCHART.EXE |
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\osmclienticon.exe |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\PPTICO.EXE |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\WORDICON.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrSanBroker.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Java\jre-1.8\bin\unpack200.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\GRAPH.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Uninstall.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\sscicons.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpCmdRun.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\DCF\Common.DBConnection.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\CNFNOT32.EXE |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\msoadfsb.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Au3Info.exe |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\mpextms.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\AppSharingHookController.exe |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OfficeScrBroker.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\Installer\setup.exe |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\Wordconv.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\aimgr.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdateCore.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Temp\EUC7A5.tmp\MicrosoftEdgeUpdate.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Office16\OLicenseHeartbeat.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\msedge_pwa_launcher.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\OLCFG.EXE |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\grv_icons.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Source Engine\OSE.EXE |
|
Source: C:\Windows\svchost.com |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\Office16\msoasb.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-0000-0000000FF1CE}\pubs.exe |
|
Source: C:\Users\user\Desktop\F.exe |
Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe |
|
Source: C:\Users\user\Desktop\._cache_F.exe |
Queries volume information: C:\Users\user\Desktop\._cache_F.exe VolumeInformation |
|
Source: C:\Users\user\Desktop\._cache_F.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\ VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation |
|
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation |
|