| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A7E520 NCryptFreeObject,CryptReleaseContext,CertFreeCertificateContext,EVP_PKEY_free,free, | 8_2_00007FF6D3A7E520 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AB4D00 SetConsoleOutputCP,memset,memset,__acrt_iob_func,__acrt_iob_func,CRYPTO_get_ex_new_index,OPENSSL_init_crypto,memset,malloc,calloc, | 8_2_00007FF6D3AB4D00 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A80C90 BCryptOpenAlgorithmProvider,BCryptCloseAlgorithmProvider, | 8_2_00007FF6D3A80C90 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A9DB60 malloc,free,CRYPTO_memcmp,strcmp,strcmp,_close,free,free,free,free,free,recv, | 8_2_00007FF6D3A9DB60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A7D7B0 BIO_new_mem_buf,_exit,PEM_read_bio,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,BIO_free, | 8_2_00007FF6D3A7D7B0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AFF380 malloc,EVP_CipherInit_ex,EVP_CipherUpdate,_exit,EVP_CipherFinal,malloc,malloc,EVP_MAC_init,_exit,EVP_MAC_update,EVP_MAC_update,EVP_MAC_CTX_get_mac_size,EVP_MAC_final,CRYPTO_memcmp,malloc,malloc,htonl,htonl,free,free,ERR_clear_error,free,free, | 8_2_00007FF6D3AFF380 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A7DE90 EVP_CIPHER_CTX_new,EVP_des_ede3_ecb,EVP_EncryptInit_ex,EVP_EncryptUpdate,EVP_EncryptFinal,_exit,EVP_CIPHER_CTX_free, | 8_2_00007FF6D3A7DE90 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A7E590 MultiByteToWideChar,malloc,MultiByteToWideChar,CertFindExtension,CryptDecodeObject,malloc,CryptDecodeObject,_stricmp,free,CryptFindOIDInfo,CryptFindOIDInfo,_stricmp,free,free,strncmp,MultiByteToWideChar,malloc,MultiByteToWideChar,strncmp,MultiByteToWideChar,malloc,MultiByteToWideChar,strncmp,isxdigit,isxdigit,strncmp,CertFindCertificateInStore,CertVerifyTimeValidity,CertFindCertificateInStore,free,OBJ_sn2nid,EVP_PKEY_get_bits,NCryptSignHash,SetLastError,strcmp,NCryptSignHash,SetLastError,calloc,CertOpenStore,CertCloseStore,CertOpenStore,CertCloseStore,CertGetNameStringW,malloc,CertGetNameStringW,d2i_X509,CryptAcquireCertificatePrivateKey,X509_free,NCryptFreeObject,CryptReleaseContext,CertFreeCertificateContext,EVP_PKEY_free,free,free,free,X509_get_pubkey,free,free, | 8_2_00007FF6D3A7E590 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A73072C0 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,GetLocalTime,OpenMutexA,GetTempPathW,GetTempFileNameW,VirtualFreeEx,WritePrivateProfileStructW,FlsAlloc,GetModuleFileNameW,GetApplicationRecoveryCallback,OpenWaitableTimerW,IsSystemResumeAutomatic,EnumTimeFormatsW,SetLocalTime,FreeLibrary,SetThreadPriorityBoost,GetStartupInfoW,ConnectNamedPipe,SetFirmwareEnvironmentVariableW,LCIDToLocaleName,FlushInstructionCache,CreateSemaphoreW,CloseHandle,OpenJobObjectW,CreateThreadpoolCleanupGroup,RtlCaptureStackBackTrace,FindFirstVolumeMountPointW,GetFileMUIInfo,DeleteFiber,ConvertThreadToFiber,EnumCalendarInfoW,FlsGetValue,GetCommModemStatus,VirtualAlloc,GetLocalTime,GetNumaAvailableMemoryNode,GetProcAddress,GetThreadContext,GetFileAttributesW,DebugBreak,UnregisterWait,IsDBCSLeadByte,DeleteVolumeMountPointW,GetConsoleCP,RtlCaptureContext,FindNextFileNameW,WritePrivateProfileStringW,ReadConsoleOutputCharacterW,GetUILanguageInfo,RequestWakeupLatency,GetFullPathNameTransactedW,CreatePrivateNamespaceW,LeaveCriticalSection,GetConsoleProcessList,VirtualProtect,PostQueuedCompletionStatus,GetNumaAvailableMemoryNodeEx,LockFile,lstrlenW,IsBadWritePtr,DosDateTimeToFileTime,ClearCommError,RegisterApplicationRestart,GetNumaNodeProcessorMaskEx,GetLongPathNameW,Wow64SetThreadContext,LocaleNameToLCID,SetErrorMode,GetVolumePathNameW,GetDateFormatW,SetMailslotInfo,ReclaimVirtualMemory,SetTapeParameters,Wow64EnableWow64FsRedirection,GetDiskFreeSpaceW,SetUserGeoID,FlushProcessWriteBuffers,InterlockedPushListSListEx,OutputDebugStringA, | 8_2_00007FF8A73072C0 |
| Source: powershell.exe, 00000005.00000002.2449533867.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe |
| Source: openvpn.exe, openvpn.exe, 00000008.00000000.2516655394.00007FF6D3B1E000.00000002.00000001.01000000.00000006.sdmp, openvpn.exe, 00000008.00000002.2529295862.00007FF6D3B1E000.00000002.00000001.01000000.00000006.sdmp | String found in binary or memory: http://openvpn.net/faq.html#dhcpclientserv |
| Source: openvpn.exe, openvpn.exe, 00000008.00000000.2516655394.00007FF6D3B1E000.00000002.00000001.01000000.00000006.sdmp, openvpn.exe, 00000008.00000002.2529295862.00007FF6D3B1E000.00000002.00000001.01000000.00000006.sdmp | String found in binary or memory: http://openvpn.net/howto.html#mitm |
| Source: powershell.exe, 00000005.00000002.2447195990.0000000004AF6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png |
| Source: powershell.exe, 00000005.00000002.2447195990.00000000049A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| Source: powershell.exe, 00000005.00000002.2447195990.0000000004AF6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html |
| Source: powershell.exe, 00000005.00000002.2447195990.00000000049A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lBeq |
| Source: powershell.exe, 00000005.00000002.2449533867.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/ |
| Source: powershell.exe, 00000005.00000002.2449533867.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/Icon |
| Source: powershell.exe, 00000005.00000002.2449533867.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contoso.com/License |
| Source: powershell.exe, 00000005.00000002.2447195990.0000000004AF6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/Pester/Pester |
| Source: powershell.exe, 00000005.00000002.2447195990.0000000005061000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://go.micro |
| Source: powershell.exe, 00000005.00000002.2449533867.0000000005A0A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://nuget.org/nuget.exe |
| Source: cwqqRXEhZb.msi, 3c4fc2.msi.1.dr | String found in binary or memory: https://search-keys.com/licenseUser.phpAI_DATA_SETTER_4Params |
| Source: openvpn.exe | String found in binary or memory: https://www.openssl.org/ |
| Source: openvpn.exe, 00000008.00000002.2530851545.00007FF8A7B7F000.00000002.00000001.01000000.00000008.sdmp, openvpn.exe, 00000008.00000002.2531117632.00007FF8B83F1000.00000002.00000001.01000000.00000007.sdmp | String found in binary or memory: https://www.openssl.org/H |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AE48D0 | 8_2_00007FF6D3AE48D0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A948C0 | 8_2_00007FF6D3A948C0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B0A130 | 8_2_00007FF6D3B0A130 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A7BD20 | 8_2_00007FF6D3A7BD20 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AB4D00 | 8_2_00007FF6D3AB4D00 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AFE470 | 8_2_00007FF6D3AFE470 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AD6060 | 8_2_00007FF6D3AD6060 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A79460 | 8_2_00007FF6D3A79460 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B134A0 | 8_2_00007FF6D3B134A0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A73440 | 8_2_00007FF6D3A73440 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A9A3F0 | 8_2_00007FF6D3A9A3F0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AF3FE0 | 8_2_00007FF6D3AF3FE0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AFABD0 | 8_2_00007FF6D3AFABD0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A92BC0 | 8_2_00007FF6D3A92BC0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AA27C0 | 8_2_00007FF6D3AA27C0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AF37C0 | 8_2_00007FF6D3AF37C0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B053C0 | 8_2_00007FF6D3B053C0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AF5C20 | 8_2_00007FF6D3AF5C20 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B157E0 | 8_2_00007FF6D3B157E0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A9DB60 | 8_2_00007FF6D3A9DB60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A71F60 | 8_2_00007FF6D3A71F60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AE0BA0 | 8_2_00007FF6D3AE0BA0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B0E350 | 8_2_00007FF6D3B0E350 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B0FF60 | 8_2_00007FF6D3B0FF60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B06F80 | 8_2_00007FF6D3B06F80 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AFF380 | 8_2_00007FF6D3AFF380 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B0EF10 | 8_2_00007FF6D3B0EF10 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A98EBD | 8_2_00007FF6D3A98EBD |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AFE710 | 8_2_00007FF6D3AFE710 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B126F0 | 8_2_00007FF6D3B126F0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AA6A60 | 8_2_00007FF6D3AA6A60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AE9650 | 8_2_00007FF6D3AE9650 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B0EAB0 | 8_2_00007FF6D3B0EAB0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A75640 | 8_2_00007FF6D3A75640 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A916B0 | 8_2_00007FF6D3A916B0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B1A240 | 8_2_00007FF6D3B1A240 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AFD2A0 | 8_2_00007FF6D3AFD2A0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3ADBAA0 | 8_2_00007FF6D3ADBAA0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B07E90 | 8_2_00007FF6D3B07E90 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A76290 | 8_2_00007FF6D3A76290 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AF6DF0 | 8_2_00007FF6D3AF6DF0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AFA1E0 | 8_2_00007FF6D3AFA1E0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B1BE10 | 8_2_00007FF6D3B1BE10 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B11630 | 8_2_00007FF6D3B11630 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AC3A20 | 8_2_00007FF6D3AC3A20 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AFAA10 | 8_2_00007FF6D3AFAA10 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AE1600 | 8_2_00007FF6D3AE1600 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A89D70 | 8_2_00007FF6D3A89D70 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A98D60 | 8_2_00007FF6D3A98D60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A7AD60 | 8_2_00007FF6D3A7AD60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B09DA0 | 8_2_00007FF6D3B09DA0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3B06540 | 8_2_00007FF6D3B06540 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AD25B0 | 8_2_00007FF6D3AD25B0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A921A0 | 8_2_00007FF6D3A921A0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A7E590 | 8_2_00007FF6D3A7E590 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7304E30 | 8_2_00007FF8A7304E30 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7308E20 | 8_2_00007FF8A7308E20 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7303570 | 8_2_00007FF8A7303570 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A73072C0 | 8_2_00007FF8A73072C0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7309E00 | 8_2_00007FF8A7309E00 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7303D50 | 8_2_00007FF8A7303D50 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7303A80 | 8_2_00007FF8A7303A80 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7308870 | 8_2_00007FF8A7308870 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7386770 | 8_2_00007FF8A7386770 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A739E730 | 8_2_00007FF8A739E730 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7304790 | 8_2_00007FF8A7304790 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A730E7B0 | 8_2_00007FF8A730E7B0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A738C6A0 | 8_2_00007FF8A738C6A0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7386564 | 8_2_00007FF8A7386564 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A73885C8 | 8_2_00007FF8A73885C8 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A738A4A8 | 8_2_00007FF8A738A4A8 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7386360 | 8_2_00007FF8A7386360 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A739A330 | 8_2_00007FF8A739A330 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7308260 | 8_2_00007FF8A7308260 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A73A220C | 8_2_00007FF8A73A220C |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A73881C4 | 8_2_00007FF8A73881C4 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A738D06C | 8_2_00007FF8A738D06C |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7395008 | 8_2_00007FF8A7395008 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7396F74 | 8_2_00007FF8A7396F74 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7306E60 | 8_2_00007FF8A7306E60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7302D90 | 8_2_00007FF8A7302D90 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7386D84 | 8_2_00007FF8A7386D84 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7394B74 | 8_2_00007FF8A7394B74 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7386B80 | 8_2_00007FF8A7386B80 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7386974 | 8_2_00007FF8A7386974 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7304960 | 8_2_00007FF8A7304960 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7387830 | 8_2_00007FF8A7387830 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7395688 | 8_2_00007FF8A7395688 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A738F528 | 8_2_00007FF8A738F528 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A739D5B4 | 8_2_00007FF8A739D5B4 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A739144C | 8_2_00007FF8A739144C |
| Source: api-ms-win-core-string-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-synch-l1-2-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-sysinfo-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-profile-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-locale-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-processthreads-l1-1-1.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-environment-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-multibyte-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-filesystem-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-stdio-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-processthreads-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-util-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-math-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-private-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-heap-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-rtlsupport-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-process-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-synch-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-conio-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-core-timezone-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-convert-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: api-ms-win-crt-runtime-l1-1-0.dll.1.dr | Static PE information: No import functions for PE file found |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: aclayers.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc_os.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: msi.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: srpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: textshaping.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: wkscli.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: pcacli.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: aclayers.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc_os.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: msi.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: tsappcmp.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: wkscli.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: rstrtmgr.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: pcacli.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: cabinet.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: linkinfo.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: ntshrui.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Section loaded: cscapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: aclayers.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc_os.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: samcli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: samcli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: samcli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: samcli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: windows.ui.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: windowmanagementapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: inputhost.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: windows.ui.immersive.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: samcli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: atlthunk.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: textshaping.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: samcli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: samcli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: wininet.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: libssl-3-x64.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: libcrypto-3-x64.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: libcrypto-3-x64.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: vcruntime140.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: vcruntime140.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: libpkcs11-helper-1.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-sysinfo-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5A72.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libassuan-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-rtlsupport-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI97CD.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libwinpthread-1.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-environment-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI79F4.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-synch-l1-2-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-heap-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libssl-3-x64.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-filesystem-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5B01.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-locale-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-multibyte-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-runtime-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-string-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-processthreads-l1-1-1.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libgpg-error-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libpkcs11-helper-1.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libcrypto-3-x64.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI59E4.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-math-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-private-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5918.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-stdio-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI5AA2.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\UnRar.exe | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-process-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-processthreads-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-conio-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\SecureProp.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-convert-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-synch-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIA3F6.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\VCRUNTIME140.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI99C3.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-util-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\vlc.exe | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-profile-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI982C.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-timezone-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\conhost.exe | Process information set: NOGPFAULTERRORBOX | Jump to behavior |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-sysinfo-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI5A72.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libassuan-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-rtlsupport-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI97CD.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libwinpthread-1.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-environment-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-synch-l1-2-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI79F4.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-heap-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-filesystem-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI5B01.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-multibyte-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-locale-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-runtime-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-string-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\libgpg-error-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-processthreads-l1-1-1.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI59E4.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-math-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI5918.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-private-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-stdio-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI5AA2.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\UnRar.exe | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-process-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-processthreads-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\SecureProp.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-conio-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-crt-convert-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-synch-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSIA3F6.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI99C3.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-util-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\vlc.exe | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-profile-l1-1-0.dll | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI982C.tmp | Jump to dropped file |
| Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\api-ms-win-core-timezone-l1-1-0.dll | Jump to dropped file |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q4classes/jdk/vm/ci/runtime/JVMCICompilerFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$2.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/amd64/AMD64HotSpotJVMCIBackendFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCICompiler.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q5classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$1.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerConfig.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/services/JVMCIServiceLocator.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q3classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$WeakReferenceHolder.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$3.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q:classes/jdk/vm/ci/hotspot/HotSpotJVMCIBackendFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIReflection.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIReflection.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q5classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$4.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/aarch64/AArch64HotSpotJVMCIBackendFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCIBackend.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$1.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q-classes/jdk/vm/ci/runtime/JVMCICompiler.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/SharedLibraryJVMCIReflection.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/common/JVMCIError.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIBackendFactory.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$1.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q5classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$2.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/services/JVMCIServiceLocator.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerConfig$DummyCompilerFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$3.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCICompilerFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q,classes/jdk/vm/ci/runtime/JVMCIRuntime.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/QOclasses/jdk/vm/ci/hotspot/HotSpotJVMCICompilerConfig$DummyCompilerFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerConfig.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q;classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCIBackend.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/SharedLibraryJVMCIReflection.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory$CompilationLevelAdjustment.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCI.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory$CompilationLevel.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q0classes/jdk/vm/ci/services/JVMCIPermission.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q5classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$3.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/common/JVMCIError.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q)classes/jdk/vm/ci/common/JVMCIError.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/QEclasses/jdk/vm/ci/hotspot/HotSpotJVMCIUnsupportedOperationError.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerConfig$DummyCompilerFactory.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/QLclasses/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory$CompilationLevel.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCIRuntime.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$Option.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$4.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$4.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCIRuntime.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$2.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q6classes/jdk/vm/ci/hotspot/HotSpotJVMCIReflection.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCICompilerFactory.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/QEclasses/jdk/vm/ci/hotspot/amd64/AMD64HotSpotJVMCIBackendFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$WeakReferenceHolder.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIUnsupportedOperationError.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$Option.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q:classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerConfig.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCICompiler.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/amd64/AMD64HotSpotJVMCIBackendFactory.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q%classes/jdk/vm/ci/runtime/JVMCI.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory$CompilationLevelAdjustment.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/QVclasses/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory$CompilationLevelAdjustment.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q,classes/jdk/vm/ci/runtime/JVMCIBackend.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIBackendFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIUnsupportedOperationError.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/QIclasses/jdk/vm/ci/hotspot/aarch64/AArch64HotSpotJVMCIBackendFactory.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/services/JVMCIPermission.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q<classes/jdk/vm/ci/hotspot/SharedLibraryJVMCIReflection.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q4classes/jdk/vm/ci/services/JVMCIServiceLocator.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/Q:classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$Option.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/services/JVMCIPermission.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: n/QGclasses/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime$WeakReferenceHolder.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/aarch64/AArch64HotSpotJVMCIBackendFactory.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/runtime/JVMCI.class |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCIRuntime.classPK |
| Source: jdk.internal.vm.ci.jmod.1.dr | Binary or memory string: classes/jdk/vm/ci/hotspot/HotSpotJVMCICompilerFactory$CompilationLevel.classPK |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: MoveFileWithProgressW,GetCommModemStatus,SetMailslotInfo,EnumResourceNamesW,GetStartupInfoW,FindNextVolumeMountPointW,GetCurrentProcessorNumberEx,InterlockedPushListSListEx,TerminateProcess,GetCurrentProcessorNumberEx,GetActiveProcessorCount,RequestWakeupLatency,EnumSystemLanguageGroupsW,GetBinaryTypeW,OfferVirtualMemory,IsSystemResumeAutomatic,DeviceIoControl,ReadConsoleOutputW,InitOnceComplete,FlushProcessWriteBuffers,CreateProcessW,GetTimeZoneInformationForYear,DeleteVolumeMountPointW,GetNamedPipeClientComputerNameW,GetLocaleInfoEx,InitializeSynchronizationBarrier,GetProcessWorkingSetSizeEx,FindFirstVolumeW,TrySubmitThreadpoolCallback,GetFileSize,SetProcessPreferredUILanguages,VirtualQueryEx,OutputDebugStringA, | 8_2_00007FF8A7309E00 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: GetProfileSectionW,GetWindowsDirectoryW,ConvertThreadToFiberEx,CopyFileTransactedW,AssignProcessToJobObject,IsValidLanguageGroup,AddVectoredContinueHandler,SetConsoleOutputCP,SetProcessPreferredUILanguages,SetThreadIdealProcessor,GetCompressedFileSizeW,EnumSystemLocalesW,WaitCommEvent,WriteProcessMemory,VirtualQuery,ChangeTimerQueueTimer,Wow64DisableWow64FsRedirection,SetWaitableTimer,GetConsoleDisplayMode,GetQueuedCompletionStatus,GetApplicationRecoveryCallback,DialogBoxIndirectParamW,UpdateLayeredWindow,ContinueDebugEvent,SetCommMask,GetTimeZoneInformationForYear,MoveFileWithProgressW,SetClassLongW,HiliteMenuItem,LoadBitmapW,GetUserObjectSecurity,MultiByteToWideChar,SetThreadExecutionState,ReplyMessage,IsThreadAFiber,GetCurrentDirectoryW,GetFileAttributesW,GlobalAlloc,OutputDebugStringW,GlobalLock,LocalAlloc,VirtualLock,GetTitleBarInfo,CloseHandle,InterlockedPopEntrySList,mouse_event,GlobalLock,SetConsoleOutputCP,UserHandleGrantAccess,InterlockedFlushSList,GetLogicalDrives,StartThreadpoolIo,GetMenuItemID,MonitorFromRect,LocalLock,GetProcessHeap,SetThreadErrorMode,GetTickCount64,FoldStringW,SetThreadpoolWait,CreateWaitableTimerExW,GetPrivateProfileStringW,WritePrivateProfileStringW,GetConsoleOutputCP,GetProcessAffinityMask,CancelThreadpoolIo,DisconnectNamedPipe,DebugBreakProcess,HeapAlloc,CreateThreadpoolIo,CreateSymbolicLinkTransactedW,GetProcessTimes,GetCPInfoExW,SubmitThreadpoolWork,ConvertThreadToFiberEx,ReadConsoleInputW,GetVersion,FindNextVolumeMountPointW,FreeResource,VirtualAlloc,IsValidNLSVersion,GetUserPreferredUILanguages,GetCommState,SetFileApisToOEM,GetHandleInformation,CreateFileW,LoadModule,ReleaseSRWLockShared,GetCurrencyFormatW,FindResourceExW,GetCurrentProcessorNumberEx,GetCommTimeouts,VirtualAlloc,DeleteTimerQueue,RequestWakeupLatency,VerSetConditionMask,GetApplicationRestartSettings, | 8_2_00007FF8A7303D50 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: DdeUnaccessData,DrawIcon,GetFileSize,SetThreadContext,CreateDirectoryTransactedW,GetFileTime,LoadPackagedLibrary,SetFileValidData,PurgeComm,GetMenuDefaultItem,SendMessageTimeoutW,FileTimeToDosDateTime,GetCapture,GetProfileIntW,IsHungAppWindow,RegisterDeviceNotificationW,LoadBitmapW,CancelIo,ReleaseSemaphore,UpdateLayeredWindowIndirect,GetConsoleMode,FormatMessageW,CascadeWindows,DispatchMessageW,FreeConsole,SetLayeredWindowAttributes,SendMessageCallbackW,InitOnceBeginInitialize,SleepConditionVariableCS,GetNumaNodeProcessorMask,OemToCharW,RegisterDeviceNotificationW,LocalLock,GetSystemWindowsDirectoryW,GetDllDirectoryW,EnumResourceNamesW,CreatePrivateNamespaceW,PeekNamedPipe,LocalHandle,GetCurrentThread,ReleaseSemaphore,EnumSystemCodePagesW,UpdateResourceW,IsValidNLSVersion,SetProtectedPolicy,CreateSemaphoreExW,CreateThreadpoolWait,GetNumberOfConsoleMouseButtons,Wow64GetThreadSelectorEntry,SetErrorMode,PostQueuedCompletionStatus,WritePrivateProfileStructW,GetWindowsDirectoryW,OpenPrivateNamespaceW,FindVolumeClose,LocalSize,TryAcquireSRWLockShared,SetupComm,CreateSymbolicLinkW,VirtualAllocEx,GlobalMemoryStatus,IsValidNLSVersion,CreateThreadpool,SetFileCompletionNotificationModes,CompareStringW,GetThreadIOPendingFlag,GetLocaleInfoW,MoveFileW,HeapSize,GetCurrentConsoleFont,LeaveCriticalSectionWhenCallbackReturns,DiscardVirtualMemory,SetHandleInformation,AreFileApisANSI,EndUpdateResourceW,ReadConsoleOutputW,VerifyVersionInfoW,ConvertDefaultLocale,FillConsoleOutputCharacterW,lstrcmpW,CreateThreadpoolWait,SetPriorityClass,EnumTimeFormatsEx,EnumSystemCodePagesW,ReclaimVirtualMemory,GetDurationFormat, | 8_2_00007FF8A7308870 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: GetLocaleInfoW, | 8_2_00007FF8A7432520 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: GetLocaleInfoEx, | 8_2_00007FF8A74323C8 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: GetLocaleInfoW, | 8_2_00007FF8A7394188 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: EnumSystemLocalesW, | 8_2_00007FF8A739F01C |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: EnumSystemLocalesW, | 8_2_00007FF8A739F0EC |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, | 8_2_00007FF8A739ECC0 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: EnumSystemLocalesW, | 8_2_00007FF8A7432B48 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 8_2_00007FF8A739F708 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 8_2_00007FF8A739F524 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: GetLocaleInfoW, | 8_2_00007FF8A739F5D4 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: GetLocaleInfoW, | 8_2_00007FF8A739F3CC |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3A9D370 socket,listen,_exit,getsockname,free,free, | 8_2_00007FF6D3A9D370 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AE5E60 setsockopt,bind,_exit, | 8_2_00007FF6D3AE5E60 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF6D3AE5660 listen,_exit,free,free, | 8_2_00007FF6D3AE5660 |
| Source: C:\Users\user\AppData\Roaming\Grovi Tend\Ifid Apps\openvpn.exe | Code function: 8_2_00007FF8A7308E20 RtlUnwind,DdeUninitialize,IntersectRect,CallMsgFilterW,GetUserObjectSecurity,GetDiskFreeSpaceExW,GetLastInputInfo,GetConsoleMode,SetConsoleDisplayMode,DisableThreadLibraryCalls,GetDialogBaseUnits,FlashWindowEx,RemoveDirectoryTransactedW,DeleteTimerQueueEx,DeleteCriticalSection,SetConsoleWindowInfo,OpenProcess,SetProcessDEPPolicy,GetExitCodeProcess,IsWow64Message,DdeQueryStringW,DuplicateHandle,GetVolumePathNameW,OpenProcess,CloseThreadpoolIo,OpenPrivateNamespaceW,PlayMetaFile,GdiComment,CancelSynchronousIo,EnumMetaFile,SelectClipPath,GetNumaHighestNodeNumber,GetShortPathNameW,GetConsoleSelectionInfo,GetThreadUILanguage,GetTextAlign,MapUserPhysicalPagesScatter,WriteConsoleOutputAttribute,ChangeTimerQueueTimer,CreateThreadpoolWait,GetApplicationRestartSettings,UnregisterWaitEx,MoveFileW,GetProcessorSystemCycleTime,OpenPrivateNamespaceW,CreateEventW,FlushViewOfFile,ReleaseMutex,AddResourceAttributeAce,CreateWaitableTimerExW,CheckTokenCapability,GetComputerNameW,TransmitCommChar,GetDiskFreeSpaceExW,DebugBreakProcess,LocalAlloc,IsBadStringPtrW,LocalUnlock,FreeLibrary,CreateWaitableTimerW,SetFileApisToOEM,SetDllDirectoryW,GetCurrentProcess,SetFirmwareEnvironmentVariableExW,GetActiveProcessorGroupCount,GetLocalTime,GetOverlappedResult,CreateHardLinkTransactedW,ApplicationRecoveryInProgress,SetThreadPreferredUILanguages,GetProfileSectionW,ResolveLocaleName,SetFileAttributesW,FindNextChangeNotification,UnlockFile,Wow64DisableWow64FsRedirection,UnregisterApplicationRestart,WaitForSingleObject,GetConsoleAliasExesLengthW,VerifyScripts,CreateFileMappingNumaW,RegCreateKeyExW,RegSetValueExW,RegCloseKey,CreateMutexW,MessageBoxW,CloseHandle,OutputDebugStringA,SetDefaultCommConfigW,UnlockFileEx,MoveFileTransactedW,CreateDirectoryW,MapViewOfFile,SetConsoleMode,AreFileApisANSI,FileTimeToDosDateTime,BindIoCompletionCallback,CompareStringEx,GetDurationFormat,GetNumberOfConsoleMouseButtons,LocalAlloc,GetConsoleAliasExesLengthW,GetFileBandwidthReservation,CloseThreadpoolTimer,SetConsoleActiveScreenBuffer,GetCalendarInfoW,TransactNamedPipe,SetProcessShutdownParameters,GlobalGetAtomNameW,GetThreadUILanguage,GetCurrentProcessId,GetDurationFormatEx,AdjustWindowRect,SetFileTime,SetWaitableTimerEx,VirtualFree,LocaleNameToLCID,GetKeyState,CloseThreadpool,IsValidNLSVersion,LocalHandle,DebugBreakProcess,WriteFileEx,GetNumaProcessorNodeEx,PeekNamedPipe,CloseWindowStation,BindIoCompletionCallback,InitAtomTable,AddClipboardFormatLi |
Edit tour
msiexec.exe (PID: 2956 cmdline: 
powershell.exe (PID: 428 cmdline: 
conhost.exe (PID: 6480 cmdline: 
openvpn.exe (PID: 1252 cmdline: 
