Windows Analysis Report
FLStudio24.1.2.4394.exe

Overview

General Information

Sample name: FLStudio24.1.2.4394.exe
Analysis ID: 1579546
MD5: 8967391c5c1336521055b84fc27361fb
SHA1: ecbb7a57fd23a9e844034c85137077df90f482bf
SHA256: 87e57633f943e2357d4fd735c77328fe8e23317c1a54882b13608b9e76244231
Tags: exeuser-aachum

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Loading BitLocker PowerShell Module
Queries memory information (via WMI often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
AV process strings found (often used to terminate AV products)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: Submited Sample Integrated Neural Analysis Model: Matched 98.2% probability
Source: FLStudio24.1.2.4394.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb\ source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C1D4B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C1D4B000.00000002.00000001.01000000.00000003.sdmp
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1810288455.0000001E4CBC1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810494991.0000007B3A081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810494991.0000007B3A081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810494991.0000007B3A081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://jimmy.warting.se/opensource
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://no-color.org/
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1810288455.0000001E4CBC1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/api/fs.html
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814407544.000003C106D00000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1811665280.0000022C5A699000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0-headers.tar.gz
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1809600636.0000022C5A691000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000003.1810000421.0000022C5A698000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1811665280.0000022C5A699000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0-headers.tar.gzV
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814407544.000003C106D00000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0.tar.gz
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/download/release/v18.5.0/node-v18.5.0.tar.gzhttps://nodejs.org/download/release/v
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1811580445.0000022C5A640000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1814407544.000003C106D00000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/download/release/v18.5.0/win-x64/node.lib
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814407544.000003C106D00000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v18.5.0/win-x64/node.lib1q
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1811580445.0000022C5A640000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v18.5.0/win-x64/node.libSU
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1810288455.0000001E4CBC1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1810288455.0000001E4CBC1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://sourcemaps.info/spec.html
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813912467.000002B368D40000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1811099466.0000014755237000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810494991.0000007B3A081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810494991.0000007B3A081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810768394.000000C857E81000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#url
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://webassembly.github.io/spec/web-api
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813912467.000002B368D40000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1811099466.0000014755237000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810242553.000000168F341000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: FLStudio24.1.2.4394.exe, 00000000.00000003.1690005519.0000022C5C2E4000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810494991.0000007B3A081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1688540809.00007FF7C260A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamenode.exe* vs FLStudio24.1.2.4394.exe
Source: classification engine Classification label: mal64.evad.winEXE@24/9@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5416:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6452:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6572:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xa5ko0zt.nx4.ps1 Jump to behavior
Source: FLStudio24.1.2.4394.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe File read: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe "C:\Users\user\Desktop\FLStudio24.1.2.4394.exe"
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Get-WmiObject Win32_PortConnector""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Get-WmiObject Win32_PortConnector"
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "net session"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net session
Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 session
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\System32\net.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\net.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\net.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\net.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\System32\net.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\net.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\net1.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Windows\System32\net1.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\net1.exe Section loaded: dsrole.dll Jump to behavior
Source: C:\Windows\System32\net1.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\net1.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\net1.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\System32\net1.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: ncobjapi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mpclient.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: wmitomi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: mi.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: miutils.dll Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\tasklist.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior
Source: FLStudio24.1.2.4394.exe Static PE information: More than 8191 > 100 exports found
Source: FLStudio24.1.2.4394.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: FLStudio24.1.2.4394.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: FLStudio24.1.2.4394.exe Static file information: File size 37687028 > 1048576
Source: FLStudio24.1.2.4394.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x12aa000
Source: FLStudio24.1.2.4394.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xfe5c00
Source: FLStudio24.1.2.4394.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: FLStudio24.1.2.4394.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: FLStudio24.1.2.4394.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: FLStudio24.1.2.4394.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: FLStudio24.1.2.4394.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: FLStudio24.1.2.4394.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: FLStudio24.1.2.4394.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: FLStudio24.1.2.4394.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb\ source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C1D4B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.24e0b2b2d51e47b9dba34c30\node\out\Release\node.pdb source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C1D4B000.00000002.00000001.01000000.00000003.sdmp
Source: FLStudio24.1.2.4394.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: FLStudio24.1.2.4394.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: FLStudio24.1.2.4394.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: FLStudio24.1.2.4394.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: FLStudio24.1.2.4394.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: FLStudio24.1.2.4394.exe Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Code function: 0_2_00007FF740F0CEB8 push edx; ret 0_2_00007FF740F0D371
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Code function: 0_2_00007FF740F094CA push edx; ret 0_2_00007FF740F09500
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Code function: 0_2_00007FF740F0BEDA push edx; ret 0_2_00007FF740F0C371

Hooking and other Techniques for Hiding and Protection

barindex
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\tasklist.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\tasklist.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\tasklist.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_PortConnector
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXEI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OLLYDBG.EXE
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: QEMU-GA.EXE
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814561476.000003E8D0081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMUSRVC.EXE
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814561476.000003E8D0081000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMUSRVC.EXE&I
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814561476.000003E8D0081000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: QEMU-GA.EXE%86%CI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OLLYDBG.EXEI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1810442082.000000732B6C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DUMPCAP.EXEI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814561476.000003E8D0081000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: XENSERVICE.EXEI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: FIDDLER.EXE
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814561476.000003E8D0081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: XENSERVICE.EXE
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: FIDDLER.EXEI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1810442082.000000732B6C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DUMPCAP.EXE
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3541 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2927 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6257 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3447 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1620 Thread sleep count: 3541 > 30 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1620 Thread sleep count: 2927 > 30 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4008 Thread sleep time: -3689348814741908s >= -30000s Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7160 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1196 Thread sleep count: 6257 > 30 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1196 Thread sleep count: 3447 > 30 Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1312 Thread sleep time: -2767011611056431s >= -30000s Jump to behavior
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vboxtray.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmwareuser.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmwaretray.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814561476.000003E8D0081000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmusrvc.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmware
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vboxservice.exeI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vboxtray.exeI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1810442082.000000732B6C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmtoolsd.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: qemu-ga.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814561476.000003E8D0081000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmusrvc.exe&I
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1810442082.000000732B6C1000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmtoolsd.exeI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1811580445.0000022C5A640000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814561476.000003E8D0081000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: qemu-ga.exe%86%cI
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmsrvc.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vboxservice.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814606282.000003EA93981000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmwareservice.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000000.1687153744.00007FF7C134B000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users\user\AppData'; Add-MpPreference -ExclusionPath 'C:\ProgramData'"
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist" Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell -Command "Get-WmiObject Win32_PortConnector"" Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "net session" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Get-WmiObject Win32_PortConnector" Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\net.exe net session Jump to behavior
Source: C:\Windows\System32\net.exe Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 session Jump to behavior
Source: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe Queries volume information: C:\Users\user\Desktop\FLStudio24.1.2.4394.exe VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: wireshark.exe
Source: FLStudio24.1.2.4394.exe, 00000000.00000002.1814265107.00000385272C1000.00000004.00001000.00020000.00000000.sdmp, FLStudio24.1.2.4394.exe, 00000000.00000002.1813195844.0000022C5C4C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ollydbg.exe
No contacted IP infos