Windows Analysis Report
gpg4win-4.3.1.exe

Overview

General Information

Sample name: gpg4win-4.3.1.exe
Analysis ID: 1558749
MD5: cff05af81adc5ca0066baf07d17edb24
SHA1: 7c5fa919c2eb90194e844de027a36e87c7be8a80
SHA256: 2db44b086d860c51a4f45f43a739cd20fb0822189deb1c1cf13e4b5a3b05bc3b
Infos:

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Contains functionality to infect the boot sector
Tries to delay execution (extensive OutputDebugStringW loop)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE / OLE file has an invalid certificate
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Classes Autorun Keys Modification
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655C2E38 gcry_pk_encrypt, 15_2_655C2E38
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655C2EB2 gcry_pk_decrypt, 15_2_655C2EB2
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655C2964 gcry_cipher_decrypt, 15_2_655C2964
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655C28C5 gcry_cipher_encrypt,memset, 15_2_655C28C5
Uses 32bit PE files
Source: gpg4win-4.3.1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\pkg-licenses.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\README.txt Jump to behavior
Source: gpg4win-4.3.1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408C5A FindFirstFileW,FindClose, 0_2_00408C5A
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408D46 DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00408D46
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004036C8 FindFirstFileW, 0_2_004036C8
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Code function: 3_2_00408A56 FindFirstFileW,FindClose, 3_2_00408A56
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Code function: 3_2_00408B42 DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 3_2_00408B42
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Code function: 3_2_004036C8 FindFirstFileW, 3_2_004036C8
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00413B49 FindFirstFileW,gcry_free,strlen,gcry_malloc,gcry_free,FindNextFileW,FindClose,gcry_free, 15_2_00413B49
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00413B20 strpbrk,FindFirstFileW,gcry_free,strlen,gcry_malloc,gcry_free,FindNextFileW,FindClose,gcry_free,FindClose,gcry_free,FindClose, 15_2_00413B20
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 4x nop then mov ecx, dword ptr [esp+04h] 13_2_00B74B81
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 4x nop then ret 13_2_00B75B11
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 4x nop then push ebx 15_2_6B4982F0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 4x nop then push ebx 15_2_6B4982F0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B48A090 recv,_errno,recv, 15_2_6B48A090
Source: kleopatra.exe, 0000000D.00000002.2652413414.000000006D4E7000.00000002.00000001.01000000.0000002C.sdmp String found in binary or memory: Jmmail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eQMap(, QSslCertificate([*?[][\$\(\)\*\+\.\?\[\]\^\{\}\|].f5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06www.google.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3login.yahoo.com39:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:293e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:71e9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47login.skype.com92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43addons.mozilla.orgb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c0login.live.comd8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0global trustee05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56*.google.com0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Root CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49DigiNotar Services CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Services 1024 CA0a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3eDigiNotar Root CA G2a4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21CertiID Enterprise Certificate Authority5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Qualified CA46:9c:2c:b007:27:10:0dDigiNotar Cyber CA07:27:0f:f907:27:10:0301:31:69:b0DigiNotar PKIoverheid CA Overheid en Bedrijven01:31:34:bfDigiNotar PKIoverheid CA Organisatie - G2d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar Extended Validation CA1e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Public CA 202546:9c:2c:af46:9c:3c:c907:27:14:a9Digisign Server ID (Enrich)4c:0e:63:6aDigisign Server ID - (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0UTN-USERFirst-Hardware41MD5 Collisions Inc. (http://www.phreedom.org/md5)08:27*.EGO.GOV.TR08:64e-islem.kktcmerkezbankasi.org03:1d:a7AC DG Tr equals www.yahoo.com (Yahoo)
Source: kleopatra.exe, 0000000D.00000000.1942642934.0000000000783000.00000002.00000001.01000000.00000019.sdmp, kleopatra.exe, 0000000D.00000002.2620663756.0000000000783000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: http://.OCSP
Source: kleopatra.exe, 0000000D.00000002.2652413414.000000006D4E7000.00000002.00000001.01000000.0000002C.sdmp String found in binary or memory: http://bugreports.qt.io/
Source: kleopatra.exe, 0000000D.00000002.2652413414.000000006D4E7000.00000002.00000001.01000000.0000002C.sdmp String found in binary or memory: http://bugreports.qt.io/_q_receiveReplyensureClientPrefaceSentfinished7
Source: kleopatra.exe, 0000000D.00000002.2628909638.0000000001270000.00000002.00000001.01000000.00000024.sdmp, kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp, kleopatra.exe, 0000000D.00000002.2633235842.000000000492D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://creativecommons.org/ns#
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: kleopatra.exe, 0000000D.00000002.2633235842.000000000492D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fsf.org/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://http-keys.gnupg.net
Source: kleopatra.exe, 0000000D.00000002.2650866932.000000006BB44000.00000002.00000001.01000000.00000020.sdmp String found in binary or memory: http://https://vnc://fish://ftp://ftps://sftp://smb://irc://ircs://mailto:www.ftp.file://news:tel:xm
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://keys.gnupg.net
Source: kleopatra.exe, 0000000D.00000002.2625176679.0000000000BC2000.00000008.00000001.01000000.00000014.sdmp String found in binary or memory: http://mingw-w64.sourceforge.net/X
Source: gpg4win-4.3.1.exe, 00000000.00000000.1362655609.000000000040C000.00000002.00000001.01000000.00000003.sdmp, gpg4win-4.3.1.exe, 00000000.00000003.1833116584.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697782719.00000000007FC000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699013152.000000000040C000.00000002.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1698285332.0000000000802000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: kleopatra.exe, 0000000D.00000002.2646623429.0000000068767000.00000002.00000001.01000000.00000039.sdmp String found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
Source: kleopatra.exe, 0000000D.00000002.2646623429.0000000068767000.00000002.00000001.01000000.00000039.sdmp String found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharData
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: kleopatra.exe, 0000000D.00000002.2628909638.0000000001270000.00000002.00000001.01000000.00000024.sdmp, kleopatra.exe, 0000000D.00000002.2632858084.0000000003ED2000.00000004.00000020.00020000.00000000.sdmp, kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp, kleopatra.exe, 0000000D.00000002.2633235842.000000000492D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: kleopatra.exe, 0000000D.00000002.2646623429.0000000068767000.00000002.00000001.01000000.00000039.sdmp String found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
Source: kleopatra.exe, 0000000D.00000002.2646623429.0000000068767000.00000002.00000001.01000000.00000039.sdmp String found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: gpg4win-4.3.1.exe, 00000000.00000003.1576951177.00000000055C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://wiz0u.free.fr/prog/nsisSlideshow/
Source: kleopatra.exe, 0000000D.00000002.2629676680.0000000001877000.00000002.00000001.01000000.0000002B.sdmp String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.claws-mail.org/win32
Source: kleopatra.exe, 0000000D.00000002.2629676680.0000000001877000.00000002.00000001.01000000.0000002B.sdmp String found in binary or memory: http://www.color.org)
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1690378990.00000000036BF000.00000004.00000020.00020000.00000000.sdmp, kleopatra.exe, 0000000D.00000002.2632345280.000000000251B000.00000008.00000001.01000000.00000044.sdmp String found in binary or memory: http://www.gnu.org/licenses/
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.gpg4win.org/NoModifyNoRepairSoftware
Source: kleopatra.exe, 0000000D.00000002.2633235842.000000000492D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.inkscape.org/)
Source: kleopatra.exe, 0000000D.00000002.2632858084.0000000003ED2000.00000004.00000020.00020000.00000000.sdmp, kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp, kleopatra.exe, 0000000D.00000002.2633235842.000000000492D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: kleopatra.exe, 0000000D.00000002.2652413414.000000006D4E7000.00000002.00000001.01000000.0000002C.sdmp String found in binary or memory: http://www.phreedom.org/md5)
Source: kleopatra.exe, 0000000D.00000002.2652413414.000000006D4E7000.00000002.00000001.01000000.0000002C.sdmp String found in binary or memory: http://www.phreedom.org/md5)08:27
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1682613355.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, kleopatra.exe, 0000000D.00000002.2638286368.00000000630A6000.00000008.00000001.01000000.0000003E.sdmp, gpg.exe, 00000015.00000002.1971720164.00000000630A7000.00000008.00000001.01000000.00000054.sdmp String found in binary or memory: http://www.zlib.net/D
Source: kleopatra.exe, 0000000D.00000002.2646623429.0000000068767000.00000002.00000001.01000000.00000039.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: kleopatra.exe, 0000000D.00000002.2646623429.0000000068767000.00000002.00000001.01000000.00000039.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces
Source: kleopatra.exe, 0000000D.00000002.2646623429.0000000068767000.00000002.00000001.01000000.00000039.sdmp String found in binary or memory: http://xml.org/sax/features/namespaceshttp://xml.org/sax/features/namespace-prefixeshttp://trolltech
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1669694552.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1610045908.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1621444508.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622186983.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1611673892.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, gpgconf.exe, gpgconf.exe, 0000000F.00000002.1951908155.0000000000422000.00000002.00000001.01000000.0000004D.sdmp, gpgconf.exe, 00000012.00000000.1954660177.0000000000422000.00000002.00000001.01000000.0000004D.sdmp, gpgconf.exe, 00000028.00000000.1985058700.0000000000422000.00000002.00000001.01000000.0000004D.sdmp String found in binary or memory: https://bugs.gnupg.org
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1610045908.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1621444508.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622186983.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1611673892.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, gpgconf.exe, 0000000F.00000002.1951908155.0000000000422000.00000002.00000001.01000000.0000004D.sdmp, gpgconf.exe, 00000012.00000000.1954660177.0000000000422000.00000002.00000001.01000000.0000004D.sdmp, gpgconf.exe, 00000028.00000000.1985058700.0000000000422000.00000002.00000001.01000000.0000004D.sdmp String found in binary or memory: https://bugs.gnupg.orgGnuPGgpggpgsmgpg-agentgpgtarEMAILGNUPGGPGGPGSMGPG_AGENTSCDAEMONTPM2DAEMONDIRMN
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://bugs.kde.org
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://bugs.kde.org/
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://bugs.kde.org/enter_bug.cgi
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://community.kde.org/Get_Involved
Source: kleopatra.exe, 0000000D.00000002.2654184565.000000006DF81000.00000002.00000001.01000000.00000049.sdmp String found in binary or memory: https://dejavu-fonts.github.io/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1695626237.00000000036BF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.gnupg.org/T4834
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.gnupg.org/T6578
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.gnupg.org/T6960
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://develop.kde.org/products/frameworks/
Source: kleopatra.exe, kleopatra.exe, 0000000D.00000000.1942642934.0000000000783000.00000002.00000001.01000000.00000019.sdmp, kleopatra.exe, 0000000D.00000002.2620663756.0000000000783000.00000002.00000001.01000000.00000019.sdmp, kleopatra.exe, 0000000D.00000002.2638673788.000000006395D000.00000002.00000001.01000000.00000034.sdmp String found in binary or memory: https://docs.kde.org/index.php?branch=stable5&language=
Source: kleopatra.exe, 0000000D.00000000.1942642934.0000000000783000.00000002.00000001.01000000.00000019.sdmp, kleopatra.exe, 0000000D.00000002.2620663756.0000000000783000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://docs.kde.org/index.php?branch=stable5&language=helpmaninfotruefalseModule
Source: kleopatra.exe, 0000000D.00000002.2638673788.000000006395D000.00000002.00000001.01000000.00000034.sdmp String found in binary or memory: https://docs.kde.org/index.php?branch=stable5&language=systemsettings/kcontrol/index.htmlindex.html&
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://ev.kde.org/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1601919673.0000000002DC2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699729746.00000000007CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://fsf.org/
Source: kleopatra.exe, 0000000D.00000002.2631735459.0000000002353000.00000002.00000001.01000000.00000043.sdmp String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: gpgconf.exe, 00000012.00000002.1958356846.000000006B4A7000.00000002.00000001.01000000.0000004F.sdmp String found in binary or memory: https://gnu.org/licenses/
Source: gpgconf.exe, 00000012.00000002.1958356846.000000006B4A7000.00000002.00000001.01000000.0000004F.sdmp, gpg.exe, 00000015.00000002.1971035409.00000000008E4000.00000004.00000020.00020000.00000000.sdmp, gpg.exe, 00000015.00000002.1971431154.0000000002908000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnu.org/licenses/gpl.html
Source: kleopatra.exe, 0000000D.00000002.2620663756.0000000000783000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://gnupg.org
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/blog/20240125-smartcard-backup-key.html
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/documentation/mailing-lists.html
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/documentation/manuals/gnupg-devel/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/documentation/manuals/gnupg/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/donate/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1601919673.0000000002DC2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699729746.00000000007CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/donateEin
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/download
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/download/mirrors.html
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/downloadErro
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/downloadFailed
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/downloadFehler
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/downloadInstallazione
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/downloadOpenPGP
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1610045908.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gpg.exe, 00000015.00000002.1970504765.00000000004F7000.00000002.00000001.01000000.00000050.sdmp String found in binary or memory: https://gnupg.org/faq/subkey-cross-certify.html
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1610045908.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gpg.exe, 00000015.00000002.1970504765.00000000004F7000.00000002.00000001.01000000.00000050.sdmp String found in binary or memory: https://gnupg.org/faq/subkey-cross-certify.htmlWARNING:
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/faq/whats-new-in-2.1.html
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/ftp/gcrypt/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/ftp/gcrypt/libassuan/)
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/ftp/gcrypt/libgcrypt/)
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/ftp/gcrypt/libgpg-error/)
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/ftp/gcrypt/libksba/)
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/ftp/gcrypt/npth/)
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/ftp/gcrypt/pinentry/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1607271720.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org/service.html
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.org0/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1601919673.0000000002DC2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699729746.00000000007CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.orgNoModifyNoRepair
Source: kleopatra.exe, 0000000D.00000002.2633692119.0000000005251000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gnupg.orgra
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://http-keys.gnupg.net
Source: kleopatra.exe, 0000000D.00000002.2650866932.000000006BB44000.00000002.00000001.01000000.00000020.sdmp String found in binary or memory: https://kde.org/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://keys.gnupg.net
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://keys.gnupg.nethkp://keys.gnupg.nethttp://keys.gnupg.nethkps://http-keys.gnupg.nethttp-keys.g
Source: kleopatra.exe, 0000000D.00000002.2650866932.000000006BB44000.00000002.00000001.01000000.00000020.sdmp String found in binary or memory: https://l10n.kde.org
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://openpgpkey.%s/.well-known/openpgpkey/%s/hu/%s?l=%s
Source: gpg4win-4.3.1.exe, 00000000.00000003.1576951177.00000000055C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ss64.com/locale.html
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://store.kde.org/avatar/%1?s=%2
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://store.kde.org/avatar/%1?s=%2personProfileERROR:
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://store.kde.org/u/%1
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://techbase.kde.org/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://versions.gnupg.org/swdb.lst
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://versions.gnupg.org/swdb.lst.sig
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://versions.gnupg.org/swdb.lsthttps://versions.gnupg.org/swdb.lst.sig--enable-special-filenames
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.claws-mail.org/win32
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1688934945.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1694158379.0000000002DB8000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1624009267.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1686424219.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1691139728.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1622890201.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697866044.0000000002DBD000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1625200341.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1620734766.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1614859867.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1683229221.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619949027.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1626295471.0000000002DB7000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1657717139.0000000002DBE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699042312.0000000000414000.00000004.00000001.01000000.0000000E.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1627272547.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1617592000.0000000002DB1000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1693452785.0000000002DBC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.globalsign.com/repository/0
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699729746.00000000007CE000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1659616637.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1684384842.0000000002DB5000.00000004.00000020.00020000.00000000.sdmp, kleopatra.exe, 0000000D.00000002.2635819802.0000000061EDE000.00000008.00000001.01000000.00000035.sdmp String found in binary or memory: https://www.gnu.org/licenses/
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://www.gnu.org/philosophy/free-sw.html
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1601919673.0000000002DC2000.00000004.00000020.00020000.00000000.sdmp, gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000002.1699729746.00000000007CE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gnu.org/philosophy/why-not-lgpl.html
Source: kleopatra.exe, 0000000D.00000002.2640877518.0000000064BC3000.00000002.00000001.01000000.00000027.sdmp String found in binary or memory: https://www.gpg4win.org
Source: kleopatra.exe, 0000000D.00000002.2620663756.0000000000783000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.gpg4win.org/change-history.html
Source: kleopatra.exe, kleopatra.exe, 0000000D.00000000.1942642934.0000000000783000.00000002.00000001.01000000.00000019.sdmp, kleopatra.exe, 0000000D.00000002.2620663756.0000000000783000.00000002.00000001.01000000.00000019.sdmp String found in binary or memory: https://www.gpg4win.org/download.html
Source: gpg4win-4.3.1.exe, 00000000.00000002.2002826010.0000000000992000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gpg4win.orghttps://www.gpg4win.de&Voltooien&Ferdig
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://www.kde.org/
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://www.kde.org/community/donations/
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://www.kde.org/donate?app=
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://www.kde.org/donate?app=p
Source: kleopatra.exe, 0000000D.00000002.2641420175.000000006525C000.00000002.00000001.01000000.00000026.sdmp String found in binary or memory: https://www.qt.io/
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1619094857.0000000002DB2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://yubi.co/ysa201701
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004075E3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetDlgItemTextW,ShowWindow,ShowWindow,ShowWindow,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004075E3
Creates a window with clipboard capturing capabilities
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Window created: window name: CLIPBRDWNDCLASS Jump to behavior
Contains functionality to communicate with device drivers
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6569406F: RegOpenKeyExA,RegQueryValueExA,_stricmp,RegCloseKey,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,CreateFileA,DeviceIoControl,CloseHandle, 15_2_6569406F
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 EntryPoint,SetErrorMode,GetVersion,lstrlenA,InitCommonControls,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,DeleteFileW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,GetTempPathW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00404648
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Code function: 3_2_00404446 EntryPoint,SetErrorMode,GetVersion,lstrlenA,InitCommonControls,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,DeleteFileW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,GetTempPathW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 3_2_00404446
Detected potential crypto function
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B530F6 13_2_00B530F6
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B87000 13_2_00B87000
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B871D0 13_2_00B871D0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B53160 13_2_00B53160
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B862F0 13_2_00B862F0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B862E4 13_2_00B862E4
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B69200 13_2_00B69200
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B87248 13_2_00B87248
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B873B0 13_2_00B873B0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B8638C 13_2_00B8638C
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B863F8 13_2_00B863F8
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B863EC 13_2_00B863EC
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86330 13_2_00B86330
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B60300 13_2_00B60300
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86368 13_2_00B86368
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B8635C 13_2_00B8635C
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86488 13_2_00B86488
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B864E0 13_2_00B864E0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86430 13_2_00B86430
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86418 13_2_00B86418
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86410 13_2_00B86410
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B87410 13_2_00B87410
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86404 13_2_00B86404
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B68580 13_2_00B68580
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B667F0 13_2_00B667F0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B7577B 13_2_00B7577B
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B618A0 13_2_00B618A0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B8783B 13_2_00B8783B
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86904 13_2_00B86904
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B69AA2 13_2_00B69AA2
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86A18 13_2_00B86A18
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86A40 13_2_00B86A40
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86BF4 13_2_00B86BF4
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B52C10 13_2_00B52C10
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B86DEC 13_2_00B86DEC
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00BB9170 13_2_00BB9170
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00BDD2C0 13_2_00BDD2C0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00BDE580 13_2_00BDE580
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C44100 13_2_00C44100
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C20230 13_2_00C20230
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C26460 13_2_00C26460
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C2C930 13_2_00C2C930
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C48AB0 13_2_00C48AB0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C26B90 13_2_00C26B90
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Code function: 14_2_004088D0 14_2_004088D0
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Code function: 14_2_00407520 14_2_00407520
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Code function: 14_2_00404D80 14_2_00404D80
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00412000 15_2_00412000
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00405170 15_2_00405170
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_0041A190 15_2_0041A190
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_0040CAF5 15_2_0040CAF5
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_0041B450 15_2_0041B450
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_0040ACB4 15_2_0040ACB4
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00413D90 15_2_00413D90
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00417EB0 15_2_00417EB0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6563052C 15_2_6563052C
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656495D5 15_2_656495D5
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6562B5DA 15_2_6562B5DA
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656335BF 15_2_656335BF
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65669594 15_2_65669594
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6562C472 15_2_6562C472
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6569B424 15_2_6569B424
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656AE4B0 15_2_656AE4B0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6562E490 15_2_6562E490
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65689779 15_2_65689779
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6562F7E4 15_2_6562F7E4
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655FF7CF 15_2_655FF7CF
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656497D2 15_2_656497D2
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656047A2 15_2_656047A2
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6564B78F 15_2_6564B78F
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656866C8 15_2_656866C8
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6563069B 15_2_6563069B
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65691156 15_2_65691156
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6565B10E 15_2_6565B10E
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656AD1F0 15_2_656AD1F0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656331A2 15_2_656331A2
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6560406C 15_2_6560406C
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65687038 15_2_65687038
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6562B0C8 15_2_6562B0C8
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656303E6 15_2_656303E6
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656893F4 15_2_656893F4
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6562A3B7 15_2_6562A3B7
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65631273 15_2_65631273
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6565124D 15_2_6565124D
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655FF26C 15_2_655FF26C
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6560C221 15_2_6560C221
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655FB217 15_2_655FB217
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65686224 15_2_65686224
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6565B2E2 15_2_6565B2E2
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656782FE 15_2_656782FE
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6564C2FB 15_2_6564C2FB
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655F8D53 15_2_655F8D53
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655E8D6B 15_2_655E8D6B
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6562BD3F 15_2_6562BD3F
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65606DE5 15_2_65606DE5
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655F3D94 15_2_655F3D94
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65604C52 15_2_65604C52
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655D5C0A 15_2_655D5C0A
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65632C07 15_2_65632C07
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65656C18 15_2_65656C18
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6569AF79 15_2_6569AF79
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65648F79 15_2_65648F79
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65631F42 15_2_65631F42
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65630F2C 15_2_65630F2C
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6561EFB7 15_2_6561EFB7
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655D3ECE 15_2_655D3ECE
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65607EF9 15_2_65607EF9
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65689EAF 15_2_65689EAF
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655F59D4 15_2_655F59D4
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656839E4 15_2_656839E4
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655D5863 15_2_655D5863
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656318ED 15_2_656318ED
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65605B42 15_2_65605B42
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65617A6E 15_2_65617A6E
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65630AE1 15_2_65630AE1
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65632AC0 15_2_65632AC0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65689A81 15_2_65689A81
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65629A8F 15_2_65629A8F
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B48EB4C 15_2_6B48EB4C
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B48EB4C 15_2_6B48EB4C
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B48DB74 15_2_6B48DB74
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B48DB74 15_2_6B48DB74
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B498BAC 15_2_6B498BAC
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B498BAC 15_2_6B498BAC
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B481920 15_2_6B481920
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B48DB74 15_2_6B48DB74
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B49DFB0 15_2_6B49DFB0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B498BAC 15_2_6B498BAC
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B48DB74 15_2_6B48DB74
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B49C580 15_2_6B49C580
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B4A26F0 15_2_6B4A26F0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B49C580 15_2_6B49C580
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B4A1430 15_2_6B4A1430
Found potential string decryption / allocating functions
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 6B4982F0 appears 37 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 655C497B appears 32 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 004097D0 appears 54 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 655C4B87 appears 134 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 655C48C3 appears 91 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 6B482CC0 appears 44 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 655C4950 appears 49 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 655C71CF appears 36 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 00416E90 appears 47 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 00416E48 appears 51 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 00416F50 appears 64 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 00416E28 appears 37 times
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: String function: 655C49A6 appears 87 times
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: String function: 00C216E0 appears 33 times
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: String function: 00C22CC0 appears 46 times
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: String function: 00BD9600 appears 50 times
PE / OLE file has an invalid certificate
Source: gpg4win-4.3.1.exe Static PE information: invalid certificate
PE file contains more sections than normal
Source: libgpg-error-0.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: scute.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: kio_file.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: iconv.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: gpgol.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: qwindowsvistastyle.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: sonnet_ispellchecker.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: gpgol.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: libKF5IconThemes.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libintl-8.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: gpgex.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: qwindows.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: intl.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: Qt5Widgets.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: windowsprintersupport.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: zlib1.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libgpg-error-0.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libfreetype.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: Qt5Gui.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libiconv-2.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: Qt5PrintSupport.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libassuan-0.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: libassuan-0.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libwinpthread-1.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: qsvgicon.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: qsvg.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: gpgex.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: Qt5Svg.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: Qt5Xml.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: Qt5Network.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: Qt5Core.dll.0.dr Static PE information: Number of sections : 12 > 10
Uses 32bit PE files
Source: gpg4win-4.3.1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: Qt5Core.dll.0.dr Static PE information: Section: .qtmimed ZLIB complexity 0.9964831388449367
Source: kleopatra.exe, 0000000D.00000002.2644876225.0000000066CE0000.00000002.00000001.01000000.0000002A.sdmp Binary or memory string: .telemark.nomalatvuopmi.nohamburgreservd.dev.thingdust.iogo.jpotsuchi.iwate.jpnet.slnet.soal.usbounceme.netgo.keporsgrunn.nonet.ss!city.yokohama.jptarnobrzeg.plnet.stdishis-a-chef.coms.bggjerdrum.noshiogama.miyagi.jptara.saga.jpyamada.toyama.jpnet.thnet.synet.tjs
Source: classification engine Classification label: sus36.evad.winEXE@713/1778@0/1
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_004090F0 FormatMessageA,strlen,GetLastError, 15_2_004090F0
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 EntryPoint,SetErrorMode,GetVersion,lstrlenA,InitCommonControls,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,DeleteFileW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,GetTempPathW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00404648
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Code function: 3_2_00404446 EntryPoint,SetErrorMode,GetVersion,lstrlenA,InitCommonControls,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,DeleteFileW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,GetTempPathW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 3_2_00404446
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004060B1 GetDlgItem,SetWindowTextW,SetDlgItemTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004060B1
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00402ABC CoCreateInstance, 0_2_00402ABC
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2508:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7584:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7568:120:WilError_03
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7416:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7576:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1096:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3348:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2624:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3276:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1992:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6004:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Mutant created: \Sessions\1\BaseNamedObjects\gnupg
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Mutant created: \Sessions\1\BaseNamedObjects\gpg4win
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Users\user\AppData\Local\Temp\nsqE8EA.tmp Jump to behavior
Source: gpg4win-4.3.1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: create table if not exists encryptions (binding INTEGER NOT NULL, time INTEGER);create index if not exists encryptions_binding on encryptions (binding);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: create table version (version INTEGER);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: insert into version values (1);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: select count(*) from sqlite_master where type='table';
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: select ((select count(*) from ultimately_trusted_keys where (keyid in (%s))) == %d) and ((select count(*) from ultimately_trusted_keys where keyid not in (%s)) == 0);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: select user_id, policy from bindings where fingerprint = ?;
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: select fingerprint || case sum(conflict NOTNULL) when 0 then '' else '!' end from bindings where email = ? group by fingerprint order by fingerprint = ? asc, fingerprint desc;
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: insert into ultimately_trusted_keys values ('%s');
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: create table if not exists ultimately_trusted_keys (keyid);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: create table version (version INTEGER);error initializing TOFU database: %s
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: select version from version;
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1697114515.0000000002DB4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: create table signatures (binding INTEGER NOT NULL, sig_digest TEXT, origin TEXT, sig_time INTEGER, time INTEGER, primary key (binding, sig_digest, origin));
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: update bindings set effective_policy = %d, conflict = %Q where email = %Q and fingerprint = %Q and effective_policy != %d;
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: select count(*) from sqlite_master where type='table';error reading TOFU database: %s
Source: gnupg-w32-2.4.5_20240307-bin.exe, 00000003.00000003.1608861697.0000000002DBA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: update bindings set effective_policy = ? where fingerprint = ?;
Source: kleopatra.exe String found in binary or memory: run-at-startup
Source: kleopatra.exe String found in binary or memory: allow-addition
Source: kleopatra.exe String found in binary or memory: view-certificate-add
Source: kleopatra.exe String found in binary or memory: process-stop
Source: kleopatra.exe String found in binary or memory: /home/builder/build/gpg4win/gpg4win-4.3.1/src/playground/install/pkgs/libical-3.0.16/share/libical/zoneinfo
Source: kleopatra.exe String found in binary or memory: CAL-ADDRESS
Source: gpgconf.exe String found in binary or memory: i386/mpih-add1.S:i386/mpih-sub1.S:i386/mpih-mul1.S:i386/mpih-mul2.S:i386/mpih-mul3.S:i386/mpih-lshift.S:i386/mpih-rshift.S
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File read: C:\Users\user\Desktop\gpg4win-4.3.1.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\gpg4win-4.3.1.exe "C:\Users\user\Desktop\gpg4win-4.3.1.exe"
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process created: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe "C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe" /S /D=C:\Program Files (x86)\Gpg4win\..\GnuPG
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32" /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgol.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgol.dll"
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32" /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll"
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll"
Source: unknown Process created: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe "C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe"
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-q4mVpo" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-dirs"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-dirs"
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-yqo9FC" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-components"
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-Tp2IWQ" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--version"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpg.exe" "--version"
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-x5JUd5" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgsm.exe" "--version"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgsm.exe" "--version"
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-8DQmvj" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--version"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--version"
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\Program Files (x86)\GnuPG\bin\gpgconf.exe" --launch gpg-agent
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\Program Files (x86)\GnuPG\bin\gpgconf.exe" --show-versions
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe "C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe" --gpgconf-test
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe "C:\Program Files (x86)\GnuPG\bin\dirmngr.exe" --gpgconf-versions
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-TcwxNx" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--"
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-BdRI5L" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgsm.exe" "--logger-fd" "7" "--server"
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-t7bUn0" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "4" "--logger-fd" "12" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgsm.exe" "--logger-fd" "16" "--server"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-components"
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Process created: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe "C:\Program Files (x86)\GnuPG\bin\keyboxd.exe" --homedir C:\Users\user\AppData\Roaming\gnupg --daemon
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe "C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe" NOP
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe "C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe" --homedir C:\Users\user\AppData\Roaming\gnupg --use-standard-socket --daemon
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-7MhVGe" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-options" "gpg"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-options" "gpg"
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --dump-option-table
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --gpgconf-list
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process created: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe "C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe" /S /D=C:\Program Files (x86)\Gpg4win\..\GnuPG Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32" /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgol.dll" Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32" /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll" Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgol.dll" Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Process created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-q4mVpo" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-dirs" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-yqo9FC" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-Tp2IWQ" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-x5JUd5" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgsm.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-8DQmvj" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\Program Files (x86)\GnuPG\bin\gpgconf.exe" --launch gpg-agent Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\Program Files (x86)\GnuPG\bin\gpgconf.exe" --show-versions Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-TcwxNx" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-BdRI5L" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgsm.exe" "--logger-fd" "7" "--server" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-t7bUn0" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-7MhVGe" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-options" "gpg" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-x5JUd5" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgsm.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\Program Files (x86)\GnuPG\bin\gpgconf.exe" --launch gpg-agent Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-Tp2IWQ" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --dump-option-table Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-7MhVGe" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-options" "gpg" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-yqo9FC" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --dump-option-table Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-TcwxNx" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-options" "gpg" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-8DQmvj" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-8DQmvj" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgsm.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-dirs" Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: mshtml.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msiso.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: mapi32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: libwinpthread-1.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: libwinpthread-1.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: mapi32.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\regsvr32.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkleopatraclientcore.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkleopatraclientgui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5codecs.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5configcore.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5configgui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5configwidgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5coreaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5crash.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5i18n.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5iconthemes.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5itemmodels.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5widgetsaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5windowsystem.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5xmlgui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkpim5libkleo.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkpim5mime.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkpim5mimetreeparserwidgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5network.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5printsupport.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libassuan-0.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgpg-error-0.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgpgme-11.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgpgmepp-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libqgpgme-15.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libwinpthread-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5i18n.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libassuan-0.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgpg-error-0.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgpgmepp-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5i18n.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5coreaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5guiaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5i18n.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5widgetsaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libintl-8.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5archive.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5widgetsaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5svg.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5guiaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5itemviews.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5widgetsaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5network.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5printsupport.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5xml.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5completion.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5widgetsaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgpgme-11.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgpgmepp-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libqgpgme-15.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkpim5mimetreeparsercore.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5calendarcore.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5widgetsaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5core.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5printsupport.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libqgpgme-15.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libpcre2-16.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: zlib1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libwinpthread-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: zlib1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgpg-error-0.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libwinpthread-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libgcc_s_dw2-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libwinpthread-1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libiconv-2.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: zlib1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: zlib1.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkf5widgetsaddons.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libkpim5mbox.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libqgpgme-15.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libical.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libicalss.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libicalvcal.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libical.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5gui.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: qt5widgets.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libpng16-16.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: opengl32.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libstdc++-6.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libical.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: glu32.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: libfreetype.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: d3d10warp.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libnpth-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libsqlite3-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: zlib1.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libksba-8.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libnpth-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libnpth-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: libksba-8.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: libnpth-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: security.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libnpth-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libsqlite3-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: zlib1.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libksba-8.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libnpth-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: libksba-8.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: libnpth-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: libsqlite3-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libassuan-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libnpth-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgcrypt-20.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: libgpg-error-0.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File written: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\homegpgbuilderbgnupgdistPLAY-releasegnupg-w32-2.4.5build-auxspeedow32inst-options.ini Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Automated click: OK
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Automated click: Next >
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Automated click: Next >
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Automated click: Install
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Automated click: Next >
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\regsvr32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\GNU.GpgOL Jump to behavior
Source: gpg4win-4.3.1.exe Static file information: File size 35521800 > 1048576
Source: gpg4win-4.3.1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Contains functionality to dynamically determine API calls
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B51400 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, 13_2_00B51400
PE file contains sections with non-standard names
Source: g4wihelp.dll.0.dr Static PE information: section name: /4
Source: libpcre2-16.dll.0.dr Static PE information: section name: /4
Source: libKF5JobWidgets.dll.0.dr Static PE information: section name: /4
Source: libKF5IconThemes.dll.0.dr Static PE information: section name: /4
Source: libKF5IconThemes.dll.0.dr Static PE information: section name: /16
Source: libKF5Archive.dll.0.dr Static PE information: section name: /4
Source: libKF5Bookmarks.dll.0.dr Static PE information: section name: /4
Source: libKF5ThreadWeaver.dll.0.dr Static PE information: section name: /4
Source: libfreetype.dll.0.dr Static PE information: section name: /4
Source: libKF5Solid.dll.0.dr Static PE information: section name: /4
Source: kio_file.dll.0.dr Static PE information: section name: /4
Source: kio_file.dll.0.dr Static PE information: section name: /16
Source: libKF5KIOWidgets.dll.0.dr Static PE information: section name: /4
Source: libKF5KIOCore.dll.0.dr Static PE information: section name: /4
Source: libKF5KIOGui.dll.0.dr Static PE information: section name: /4
Source: libKF5Crash.dll.0.dr Static PE information: section name: /4
Source: libjpeg-9.dll.0.dr Static PE information: section name: /4
Source: libpng16-16.dll.0.dr Static PE information: section name: /4
Source: libKPim5Libkleo.dll.0.dr Static PE information: section name: /4
Source: libKF5ItemModels.dll.0.dr Static PE information: section name: /4
Source: libKF5ItemViews.dll.0.dr Static PE information: section name: /4
Source: libKF5Service.dll.0.dr Static PE information: section name: /4
Source: qsvg.dll.0.dr Static PE information: section name: .qtmetad
Source: qsvg.dll.0.dr Static PE information: section name: .eh_fram
Source: qsvgicon.dll.0.dr Static PE information: section name: .qtmetad
Source: qsvgicon.dll.0.dr Static PE information: section name: .eh_fram
Source: Qt5Svg.dll.0.dr Static PE information: section name: .eh_fram
Source: overlayer.exe.0.dr Static PE information: section name: /4
Source: resolver.exe.0.dr Static PE information: section name: /4
Source: libical.dll.0.dr Static PE information: section name: /4
Source: libKF5CalendarCore.dll.0.dr Static PE information: section name: /4
Source: libKPim5MimeTreeParserWidgets.dll.0.dr Static PE information: section name: /4
Source: libKPim5MimeTreeParserCore.dll.0.dr Static PE information: section name: /4
Source: libKF5TextWidgets.dll.0.dr Static PE information: section name: /4
Source: sonnet_ispellchecker.dll.0.dr Static PE information: section name: /4
Source: sonnet_ispellchecker.dll.0.dr Static PE information: section name: /16
Source: libKF5SonnetUi.dll.0.dr Static PE information: section name: /4
Source: libKF5SonnetCore.dll.0.dr Static PE information: section name: /4
Source: scute.dll.0.dr Static PE information: section name: /4
Source: gpgolkeyadder.exe.0.dr Static PE information: section name: /4
Source: gpgolconfig.exe.0.dr Static PE information: section name: /4
Source: libkleopatraclientgui.dll.0.dr Static PE information: section name: /4
Source: libkleopatraclientcore.dll.0.dr Static PE information: section name: /4
Source: kleopatra.exe.0.dr Static PE information: section name: /4
Source: paperkey.exe.0.dr Static PE information: section name: /4
Source: libicalvcal.dll.0.dr Static PE information: section name: /4
Source: libicalss.dll.0.dr Static PE information: section name: /4
Source: gpgol.dll.0.dr Static PE information: section name: /4
Source: gpgex.dll.0.dr Static PE information: section name: /4
Source: gpgol.dll0.0.dr Static PE information: section name: .xdata
Source: sha1sum.exe.0.dr Static PE information: section name: /4
Source: sha256sum.exe.0.dr Static PE information: section name: /4
Source: md5sum.exe.0.dr Static PE information: section name: /4
Source: libstdc++-6.dll.0.dr Static PE information: section name: /4
Source: libgcc_s_dw2-1.dll.0.dr Static PE information: section name: /4
Source: libwinpthread-1.dll0.0.dr Static PE information: section name: .xdata
Source: libiconv-2.dll.0.dr Static PE information: section name: /4
Source: iconv.dll.0.dr Static PE information: section name: /4
Source: zlib1.dll.0.dr Static PE information: section name: /4
Source: Qt5Core.dll.0.dr Static PE information: section name: .qtmimed
Source: Qt5Core.dll.0.dr Static PE information: section name: .eh_fram
Source: Qt5Gui.dll.0.dr Static PE information: section name: .eh_fram
Source: Qt5Widgets.dll.0.dr Static PE information: section name: .eh_fram
Source: Qt5Network.dll.0.dr Static PE information: section name: .eh_fram
Source: Qt5PrintSupport.dll.0.dr Static PE information: section name: .eh_fram
Source: Qt5Xml.dll.0.dr Static PE information: section name: .eh_fram
Source: qwindows.dll.0.dr Static PE information: section name: .qtmetad
Source: qwindows.dll.0.dr Static PE information: section name: .eh_fram
Source: windowsprintersupport.dll.0.dr Static PE information: section name: .qtmetad
Source: windowsprintersupport.dll.0.dr Static PE information: section name: .eh_fram
Source: qwindowsvistastyle.dll.0.dr Static PE information: section name: .qtmetad
Source: qwindowsvistastyle.dll.0.dr Static PE information: section name: .eh_fram
Source: libintl-8.dll.0.dr Static PE information: section name: /4
Source: intl.dll.0.dr Static PE information: section name: /4
Source: libassuan-0.dll.0.dr Static PE information: section name: /4
Source: libassuan-0.dll0.0.dr Static PE information: section name: .xdata
Source: libgpg-error-0.dll.0.dr Static PE information: section name: /4
Source: gpg-error.exe.0.dr Static PE information: section name: /4
Source: libgpg-error-0.dll0.0.dr Static PE information: section name: .xdata
Source: pinentry-w32.exe.0.dr Static PE information: section name: /4
Source: pinentry.exe.0.dr Static PE information: section name: /4
Source: gpgex.dll0.0.dr Static PE information: section name: .xdata
Registers a DLL
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\system32\regsvr32" /s "C:\Program Files (x86)\Gpg4win\bin_64\gpgol.dll"
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push eax; mov dword ptr [esp], ebx 0_2_004046A1
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push ebx; mov dword ptr [esp], 00000009h 0_2_004046C1
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push eax; mov dword ptr [esp], 00000000h 0_2_00404783
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push ebx; mov dword ptr [esp], eax 0_2_004047D1
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push edx; mov dword ptr [esp], edi 0_2_004048DF
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push eax; mov dword ptr [esp], ebx 0_2_00404A91
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push ecx; mov dword ptr [esp], 0042BA60h 0_2_00404B0C
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push eax; mov dword ptr [esp], 0042BA60h 0_2_00404B7B
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 push esi; mov dword ptr [esp], 00000002h 0_2_00404BFB
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00405437 push eax; mov dword ptr [esp], 00000405h 0_2_00405968
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00402EC6 push edx; mov dword ptr [esp], esi 0_2_00402F04
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00406AE1 push ebx; mov dword ptr [esp], eax 0_2_00406ECB
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004018E7 push eax; mov dword ptr [esp], ebx 0_2_004019B9
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00406A8D push edx; mov dword ptr [esp], esi 0_2_00406AC2
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408C92 push ebx; mov dword ptr [esp], 004329C0h 0_2_00408CAE
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408C92 push ecx; mov dword ptr [esp], 004329C0h 0_2_00408CFB
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408C92 push eax; mov dword ptr [esp], 004329C0h 0_2_00408D2A
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004074A3 push ecx; mov dword ptr [esp], 0042C2C0h 0_2_004074DC
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004032B0 push ecx; mov dword ptr [esp], eax 0_2_00403324
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004060B1 push esi; mov dword ptr [esp], ebx 0_2_004060F0
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004060B1 push edx; mov dword ptr [esp], ebx 0_2_00406131
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004060B1 push eax; mov dword ptr [esp], 00000008h 0_2_004061B4
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004060B1 push eax; mov dword ptr [esp], ebx 0_2_00406274
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004060B1 push esi; mov dword ptr [esp], ebx 0_2_00406326
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004060B1 push eax; mov dword ptr [esp], 00000001h 0_2_0040634B
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004060B1 push ebx; mov dword ptr [esp], 0042D2E0h 0_2_004063E0
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408D46 push ecx; mov dword ptr [esp], ebx 0_2_00408E0C
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408D46 push eax; mov dword ptr [esp], ebx 0_2_00408ED8
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408D46 push edx; mov dword ptr [esp], ebx 0_2_00408F90
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404D52 push eax; mov dword ptr [esp], ebx 0_2_00404D80
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_0040656C push eax; mov dword ptr [esp], esi 0_2_0040672E

Persistence and Installation Behavior
barindex
Contains functionality to infect the boot sector
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: RegOpenKeyExA,RegQueryValueExA,_stricmp,RegCloseKey,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 15_2_6569406F
Drops PE files
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\Qt5Network.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\Qt5Xml.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\libnpth-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\gpgex.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\styles\qwindowsvistastyle.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\scdaemon.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5Bookmarks.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libintl-8.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5JobWidgets.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\libksba-8.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5CalendarCore.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5Crash.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libgcc_s_dw2-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\scute.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5SonnetUi.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpg-check-pattern.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\pinentry.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5SonnetCore.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libjpeg-9.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\plugins\kf5\sonnet\sonnet_ispellchecker.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\zlib1.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\sha1sum.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\InstallOptions.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5ThreadWeaver.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\Qt5Gui.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpgv.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\Qt5Svg.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\zlib1.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKPim5MimeTreeParserCore.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libassuan-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\keyboxd.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\pinentry-w32.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin_64\libwinpthread-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libicalvcal.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\Qt5PrintSupport.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libpcre2-16.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\dirmngr.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libfreetype.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpg-card.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libiconv-2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\libassuan-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5Archive.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5TextWidgets.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\Qt5Core.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libicalss.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\gnupg-uninstall.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5KIOWidgets.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpg.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpgme-w32spawn.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\overlayer.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5KIOCore.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin_64\libassuan-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\gpgolconfig.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\libgcrypt-20.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libwinpthread-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\imageformats\qsvg.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpg-agent.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libstdc++-6.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5IconThemes.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\g4wihelp.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\printsupport\windowsprintersupport.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5ItemModels.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5Service.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\UserInfo.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\plugins\kf5\kio\kio_file.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\UserInfo.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\libsqlite3-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5KIOGui.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\Qt5Widgets.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\sha256sum.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libical.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\iconv.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\nsDialogs.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libpng16-16.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\intl.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKPim5Libkleo.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libkleopatraclientcore.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\gpgol.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\LangDLL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\dirmngr_ldap.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\pinentry-basic.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\libgpgme-11.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\resolver.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5Solid.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\iconengines\qsvgicon.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\paperkey.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin_64\gpgol.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpg-preset-passphrase.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\gpg-error.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKPim5MimeTreeParserWidgets.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\gpgolkeyadder.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin_64\libgpg-error-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\libgpg-error-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\platforms\qwindows.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpg-wks-client.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\gpg4win-uninstall.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\g4wihelp.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libgpg-error-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libkleopatraclientgui.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\md5sum.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\bin\libKF5ItemViews.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\bin\gpgtar.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\Program Files (x86)\Gpg4win\pkg-licenses.txt Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe File created: C:\Program Files (x86)\GnuPG\README.txt Jump to behavior

Boot Survival
barindex
Contains functionality to infect the boot sector
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: RegOpenKeyExA,RegQueryValueExA,_stricmp,RegCloseKey,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,CreateFileA,DeviceIoControl,CloseHandle, \\.\PhysicalDrive%d 15_2_6569406F
Stores files to the Windows start menu directory
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Section loaded: OutputDebugStringW count: 401
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Memory allocated: 5750000 memory reserve | memory write watch Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6568F503 rdtsc 15_2_6568F503
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Window / User API: foregroundWindowGot 583 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\gpgex.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\styles\qwindowsvistastyle.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\scdaemon.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5Bookmarks.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\g4wihelp.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5JobWidgets.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\printsupport\windowsprintersupport.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin_64\gpgex.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\scute.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5SonnetUi.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\gpg-check-pattern.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\pinentry.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5Service.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\UserInfo.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5SonnetCore.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\plugins\kf5\kio\kio_file.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libjpeg-9.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\plugins\kf5\sonnet\sonnet_ispellchecker.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\UserInfo.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\sha1sum.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\InstallOptions.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5KIOGui.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5ThreadWeaver.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\gpgv.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\sha256sum.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\iconv.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\nsDialogs.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\intl.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\pinentry-w32.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\gpgol.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\dirmngr_ldap.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\pinentry-basic.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\LangDLL.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\resolver.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\gpg-card.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5Solid.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\iconengines\qsvgicon.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\paperkey.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin_64\gpgol.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\gpg-preset-passphrase.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\gpg-error.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5TextWidgets.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\gpgolkeyadder.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\gnupg-uninstall.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5KIOWidgets.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\platforms\qwindows.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\gpgme-w32spawn.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsaE9C6.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\overlayer.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\gpg-wks-client.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\libKF5KIOCore.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\gpg4win-uninstall.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh461E.tmp\g4wihelp.dll Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\gpgolconfig.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\md5sum.exe Jump to dropped file
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Dropped PE file which has not been started: C:\Program Files (x86)\Gpg4win\bin\imageformats\qsvg.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Dropped PE file which has not been started: C:\Program Files (x86)\GnuPG\bin\gpgtar.exe Jump to dropped file
Found large amount of non-executed APIs
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe API coverage: 0.1 %
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe API coverage: 6.0 %
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe API coverage: 0.8 %
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File Volume queried: C:\Program Files (x86) FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe File Volume queried: C:\Program Files (x86) FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408C5A FindFirstFileW,FindClose, 0_2_00408C5A
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00408D46 DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00408D46
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_004036C8 FindFirstFileW, 0_2_004036C8
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Code function: 3_2_00408A56 FindFirstFileW,FindClose, 3_2_00408A56
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Code function: 3_2_00408B42 DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 3_2_00408B42
Source: C:\Users\user\AppData\Local\Temp\gnupg-w32-2.4.5_20240307-bin.exe Code function: 3_2_004036C8 FindFirstFileW, 3_2_004036C8
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00413B49 FindFirstFileW,gcry_free,strlen,gcry_malloc,gcry_free,FindNextFileW,FindClose,gcry_free, 15_2_00413B49
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00413B20 strpbrk,FindFirstFileW,gcry_free,strlen,gcry_malloc,gcry_free,FindNextFileW,FindClose,gcry_free,FindClose,gcry_free,FindClose, 15_2_00413B20
Source: gpgconf.exe, 0000000F.00000002.1952549603.0000000000828000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlln
Source: kleopatra.exe, 0000000D.00000002.2626865191.0000000000CE7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlli#J<
Source: regsvr32.exe, 00000007.00000003.1829235539.000000000133E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;;s
Source: kleopatra.exe, 0000000D.00000002.2629676680.0000000001877000.00000002.00000001.01000000.0000002B.sdmp Binary or memory string: 21QEmulationPaintEngine
Source: gpgconf.exe, 00000012.00000002.1956866092.0000000000718000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Process information queried: ProcessInformation Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6568F503 rdtsc 15_2_6568F503
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00BB6F30 pthread_setname_np,pthread_mutex_lock,pthread_mutex_unlock,_strdup,free,IsDebuggerPresent,RaiseException, 13_2_00BB6F30
Contains functionality to dynamically determine API calls
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00B51400 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, 13_2_00B51400
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_65694890 GetActiveWindow,GetCapture,GetClipboardOwner,GetClipboardViewer,GetCurrentProcess,GetCurrentProcessId,GetCurrentThread,GetCurrentThreadId,GetDesktopWindow,GetFocus,GetInputState,GetMessagePos,GetMessageTime,GetOpenClipboardWindow,GetProcessHeap,GetProcessWindowStation,GetTickCount,GetCaretPos,GetCursorPos,GlobalMemoryStatus,GetCurrentThread,GetThreadTimes,GetCurrentProcess,GetProcessTimes,GetProcessWorkingSetSize,GetStartupInfoA,QueryPerformanceCounter,GetTickCount, 15_2_65694890
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Code function: 14_2_0040117C Sleep,Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_amsg_exit,_initterm,GetStartupInfoW,_cexit,_initterm,exit, 14_2_0040117C
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Code function: 14_2_00401170 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv, 14_2_00401170
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Code function: 14_2_004011B3 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv, 14_2_004011B3
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_0040117C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,GetStartupInfoA,_cexit,_initterm,exit, 15_2_0040117C
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00401170 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 15_2_00401170
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_004011B3 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv, 15_2_004011B3
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_004013D1 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm, 15_2_004013D1
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Memory allocated: page read and write | page guard Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-q4mVpo" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-dirs" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-yqo9FC" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-Tp2IWQ" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-x5JUd5" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgsm.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-8DQmvj" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\Program Files (x86)\GnuPG\bin\gpgconf.exe" --launch gpg-agent Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\Program Files (x86)\GnuPG\bin\gpgconf.exe" --show-versions Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-TcwxNx" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-BdRI5L" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgsm.exe" "--logger-fd" "7" "--server" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-t7bUn0" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-7MhVGe" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-options" "gpg" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-x5JUd5" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgsm.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\Program Files (x86)\GnuPG\bin\gpgconf.exe" --launch gpg-agent Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-Tp2IWQ" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --dump-option-table Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-7MhVGe" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-options" "gpg" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-yqo9FC" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--list-components" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --dump-option-table Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-TcwxNx" "C:\\Program Files (x86)\\GnuPG\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-options" "gpg" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-8DQmvj" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "C:\\Program Files (x86)\\Gpg4win\\bin\\gpgme-w32spawn.exe" "C:\\Users\\user\\AppData\\Local\\Temp\\gpgme-8DQmvj" "C:\\Program Files (x86)\\GnuPG\\bin\\gpgconf.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgsm.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgsm.exe" "--version" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe "C:\\\\Program Files (x86)\\\\GnuPG\\\\bin\\\\gpgconf.exe" "--list-dirs" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe "C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe" NOP Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: unknown unknown Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "c:\\program files (x86)\\gpg4win\\bin\\gpgme-w32spawn.exe" "c:\\users\\user\\appdata\\local\\temp\\gpgme-tcwxnx" "c:\\program files (x86)\\gnupg\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--"
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "c:\\\\program files (x86)\\\\gnupg\\\\bin\\\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "4" "--logger-fd" "12" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--"
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "c:\\program files (x86)\\gpg4win\\bin\\gpgme-w32spawn.exe" "c:\\users\\user\\appdata\\local\\temp\\gpgme-tcwxnx" "c:\\program files (x86)\\gnupg\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "c:\\program files (x86)\\gpg4win\\bin\\gpgme-w32spawn.exe" "c:\\users\\user\\appdata\\local\\temp\\gpgme-tcwxnx" "c:\\program files (x86)\\gnupg\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe "c:\\program files (x86)\\gpg4win\\bin\\gpgme-w32spawn.exe" "c:\\users\\user\\appdata\\local\\temp\\gpgme-tcwxnx" "c:\\program files (x86)\\gnupg\\bin\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "1" "--logger-fd" "5" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "c:\\\\program files (x86)\\\\gnupg\\\\bin\\\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "4" "--logger-fd" "12" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--" Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\gpgme-w32spawn.exe Process created: C:\Program Files (x86)\GnuPG\bin\gpg.exe "c:\\\\program files (x86)\\\\gnupg\\\\bin\\\\gpg.exe" "--disable-dirmngr" "--no-auto-check-trustdb" "--batch" "--status-fd" "4" "--logger-fd" "12" "--no-tty" "--charset=utf8" "--enable-progress-filter" "--exit-on-status-write-error" "--ttyname=/dev/tty" "--with-colons" "--with-secret" "--with-keygrip" "--list-keys" "--"
Contains functionality to query CPU information (cpuid)
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_655CDA06 cpuid 15_2_655CDA06
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\qt.conf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\qt.conf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\platforms\qwindows.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\iconengines\qsvgicon.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\data\icontheme.rcc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\data\icontheme.rcc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\translations\qt_en.qm VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\translations\qt_en.qm VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\styles\qwindowsvistastyle.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\share\kdeglobals VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\share\color-schemes\Breeze.colors VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\share\color-schemes\BreezeDark.colors VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\share\color-schemes\Breeze.colors VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\etc\xdg\libkleopatrarc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\etc\xdg\libkleopatrarc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\etc\xdg\libkleopatrarc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Program Files (x86)\Gpg4win\bin\imageformats\qsvg.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Queries volume information: C:\Users\user\AppData\Roaming\kleopatra\kleopatrarc.ttoIan VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00BB80D3 GetSystemTimeAsFileTime, 13_2_00BB80D3
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_004062C0 gcry_xstrdup,gpgrt_fopen,gpgrt_read_line,strchr,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strchr,strcmp,strchr,strchr,gpgrt_fprintf,gpgrt_fprintf,gpgrt_fputc,_errno,_errno,gpgrt_fclose,gcry_free,gcry_free,gpgrt_ferror,gpgrt_fclose,_errno,strchr,strchr,strchr,gpgrt_fprintf,gpgrt_fprintf,_errno,gcry_free,strchr,strcmp,gpgrt_fprintf,_errno,_errno,_errno,strchr,gcry_free,_gpg_w32_gettext,GetUserNameA,GetUserNameA,gcry_xmalloc,GetUserNameA, 15_2_004062C0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_656AB710 GetTimeZoneInformation,GetSystemTimeAsFileTime, 15_2_656AB710
Source: C:\Users\user\Desktop\gpg4win-4.3.1.exe Code function: 0_2_00404648 EntryPoint,SetErrorMode,GetVersion,lstrlenA,InitCommonControls,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,DeleteFileW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,GetTempPathW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,CoUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00404648
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C3C4C0 icallangbind_property_eval_string,icallangbind_property_eval_string_r,icalmemory_add_tmp_buffer, 13_2_00C3C4C0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C3C4F0 icallangbind_string_to_open_flag, 13_2_00C3C4F0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C3C5D0 icallangbind_quote_as_ical,strlen,icalmemory_new_buffer,icalvalue_encode_ical_string,icalmemory_add_tmp_buffer, 13_2_00C3C5D0
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C3C590 icallangbind_quote_as_ical_r,strlen,icalmemory_new_buffer,icalvalue_encode_ical_string, 13_2_00C3C590
Source: C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe Code function: 13_2_00C16BC0 icalcomponent_add_component,icalerror_set_errno,_ZTISt22_Maybe_get_result_typeISt5_BindIFPFSt5tupleIJN5GpgME5ErrorE7QStringS3_EEPNS2_7ContextERKNS2_3KeyENS2_16RevocationReasonERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaISI_EEESt12_PlaceholderILi1EES8_SB_SK_EEvE,icaltimezone_array_append_from_vtimezone,icaltimezone_array_new, 13_2_00C16BC0
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_00407A60 _gpg_w32_bindtextdomain,_gpg_w32_textdomain, 15_2_00407A60
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B487E20 TlsAlloc,LocalAlloc,TlsGetValue,LocalFree,LocalAlloc,TlsSetValue,TlsGetValue,LocalFree,TlsFree,TlsSetValue,GetModuleFileNameW,WideCharToMultiByte,WideCharToMultiByte,malloc,WideCharToMultiByte,strrchr,strrchr,strlen,_gpg_w32_bindtextdomain,free,malloc, 15_2_6B487E20
Source: C:\Program Files (x86)\GnuPG\bin\gpgconf.exe Code function: 15_2_6B482960 _gpg_w32_bindtextdomain,strlen,malloc,memcpy,strchr,strlen,strlen,strlen,malloc,memcpy,memcpy,memcpy,free,calloc,memcpy,malloc,memcpy,EnterCriticalSection,strcmp,LeaveCriticalSection,free,free,free,EnterCriticalSection,strcmp,LeaveCriticalSection,free,free,free,free, 15_2_6B482960
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1558749 Sample: gpg4win-4.3.1.exe Startdate: 19/11/2024 Architecture: WINDOWS Score: 36 83 Contains functionality to infect the boot sector 2->83 85 Tries to delay execution (extensive OutputDebugStringW loop) 2->85 8 gpg4win-4.3.1.exe 117 1007 2->8         started        11 kleopatra.exe 649 2->11         started        process3 dnsIp4 65 C:\Program Files (x86)\...\kleopatra.exe, PE32 8->65 dropped 67 C:\Users\user\AppData\Local\...\nsDialogs.dll, PE32 8->67 dropped 69 C:\Users\user\AppData\Local\...\g4wihelp.dll, PE32 8->69 dropped 71 77 other files (none is malicious) 8->71 dropped 14 gnupg-w32-2.4.5_20240307-bin.exe 10 228 8->14         started        17 regsvr32.exe 8->17         started        19 regsvr32.exe 8->19         started        81 127.0.0.1 unknown unknown 11->81 21 gpgconf.exe 11->21         started        23 gpgme-w32spawn.exe 11->23         started        25 gpgme-w32spawn.exe 11->25         started        27 8 other processes 11->27 file5 process6 file7 73 C:\Program Files (x86)behaviorgraphnuPG\...\gpgconf.exe, PE32 14->73 dropped 75 C:\Users\user\AppData\Local\...\g4wihelp.dll, PE32 14->75 dropped 77 C:\Users\user\AppData\Local\...\UserInfo.dll, PE32 14->77 dropped 79 27 other files (none is malicious) 14->79 dropped 29 regsvr32.exe 8 17->29         started        31 regsvr32.exe 3 19->31         started        43 3 other processes 21->43 33 gpgconf.exe 23->33         started        35 gpgsm.exe 25->35         started        37 gpgconf.exe 27->37         started        39 gpgconf.exe 27->39         started        41 gpg.exe 27->41         started        45 6 other processes 27->45 process8 process9 59 3 other processes 33->59 61 2 other processes 35->61 47 conhost.exe 37->47         started        49 conhost.exe 39->49         started        51 conhost.exe 41->51         started        53 gpg-agent.exe 43->53         started        55 conhost.exe 45->55         started        57 conhost.exe 45->57         started        63 2 other processes 45->63
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious

Private

IP
127.0.0.1

Contacted Domains

Name IP Active
s-part-0017.t-0009.t-msedge.net 13.107.246.45 true