Windows Analysis Report
http://dakvm1hb16unn.cloudfront.net/907GFfC/P6HE/screenpresso-6628595676980865-AsystentPobierania.exe

Overview

General Information

Sample URL: http://dakvm1hb16unn.cloudfront.net/907GFfC/P6HE/screenpresso-6628595676980865-AsystentPobierania.exe
Analysis ID: 1500133
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
.NET source code contains potential unpacker
Contains functionality to capture screen (.Net source)
Machine Learning detection for dropped file
Yara detected Generic Downloader
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Downloads executable code via HTTP
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file does not import any functions
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Sigma detected: File Download From Browser Process Via Inline URL
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for dropped file
Source: C:\Users\user\Downloads\Unconfirmed 208082.crdownload ReversingLabs: Detection: 50%
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe (copy) ReversingLabs: Detection: 50%
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload ReversingLabs: Detection: 50%
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe (copy) ReversingLabs: Detection: 50%
Source: Chrome Cache Entry: 68 ReversingLabs: Detection: 50%
Machine Learning detection for dropped file
Source: /opt/package/joesandbox/database/analysis/1500133/temp/droppedscan/chromecache_68 Joe Sandbox ML: detected
Source: C:\Users\user\Downloads\Unconfirmed 208082.crdownload Joe Sandbox ML: detected
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload Joe Sandbox ML: detected
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.151.70:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.138.24.183:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 46.105.204.6:443 -> 192.168.2.16:49739 version: TLS 1.2

Networking
barindex
Yara detected Generic Downloader
Source: Yara match File source: 16.0.screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe.b00000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload, type: DROPPED
Source: Yara match File source: dropped/chromecache_68, type: DROPPED
Source: Yara match File source: C:\Users\user\Downloads\Unconfirmed 208082.crdownload, type: DROPPED
Downloads executable code via HTTP
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: 1320200Connection: keep-aliveAccess-Control-Allow-Origin: *Cache-Control: private, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0Content-Disposition: attachment; filename="screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe"; filename*=UTF-8''screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exeContent-Transfer-Encoding: binaryDate: Tue, 27 Aug 2024 22:04:19 GMTExpires: Mon, 26 Jul 1997 05:00:00 GMTPragma: publicX-Cache: Miss from cloudfrontVia: 1.1 a9717fb92179a05f5da85fabc586e750.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ZRH55-P1X-Amz-Cf-Id: Sh8Th6UkXpWCmxrNYYnv4iIlCTfFHHPKfQN4Viy8XDKgm4Cl71edcQ==Age: 0Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 12 7d fd 64 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 40 0f 00 00 ba 04 00 00 00 00 00 5e 5f 0f 00 00 20 00 00 00 60 0f 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 14 00 00 02 00 00 14 0c 15 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 5f 0f 00 4c 00 00 00 00 60 0f 00 88 b7 04 00 00 00 00 00 00 00 00 00 00 fc 13 00 08 29 00 00 00 20 14 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 5f 0f 00 08 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 3f 0f 00 00 20 00 00 00 40 0f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 88 b7 04 00 00 60 0f 00 00 b8 04 00 00 42 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 14 00 00 02 00 00 00 fa 13 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL}d@^_ `@ @@_L`) l_ H.textt? @ `.rsrc`B@@.reloc
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamContent-Length: 1320200Connection: keep-aliveAccess-Control-Allow-Origin: *Cache-Control: private, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0Content-Disposition: attachment; filename="screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe"; filename*=UTF-8''screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exeContent-Transfer-Encoding: binaryDate: Tue, 27 Aug 2024 22:05:04 GMTExpires: Mon, 26 Jul 1997 05:00:00 GMTPragma: publicX-Cache: Miss from cloudfrontVia: 1.1 a9717fb92179a05f5da85fabc586e750.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ZRH55-P1X-Amz-Cf-Id: UVlfk9OJBmgvqKz8Bh5haygpqItfk2DXK93MWOAP9NSZdsb5-gJfWw==Age: 0Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 12 7d fd 64 00 00 00 00 00 00 00 00 e0 00 02 00 0b 01 08 00 00 40 0f 00 00 ba 04 00 00 00 00 00 5e 5f 0f 00 00 20 00 00 00 60 0f 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 40 14 00 00 02 00 00 14 0c 15 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 5f 0f 00 4c 00 00 00 00 60 0f 00 88 b7 04 00 00 00 00 00 00 00 00 00 00 fc 13 00 08 29 00 00 00 20 14 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 5f 0f 00 08 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 3f 0f 00 00 20 00 00 00 40 0f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 88 b7 04 00 00 60 0f 00 00 b8 04 00 00 42 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 14 00 00 02 00 00 00 fa 13 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL}d@^_ `@ @@_L`) l_ H.textt? @ `.rsrc`B@@.reloc
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /assets/schema/1.0/schema.xsd HTTP/1.1Host: d22gsqoq303hfz.cloudfront.net
Source: global traffic HTTP traffic detected: GET /assets/WebAdvisor/images/943/lightBG/EN.png HTTP/1.1Host: d22gsqoq303hfz.cloudfront.net
Source: global traffic HTTP traffic detected: GET /assets/RAV_Triple_NCB/images/DOTPS-855/lightBG/EN.png HTTP/1.1Host: d22gsqoq303hfz.cloudfront.net
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49736 -> 108.138.24.183:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49734 -> 108.138.24.183:443
Source: Network traffic Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.16:49735 -> 108.138.24.183:443
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 51.104.136.2
Source: unknown TCP traffic detected without corresponding DNS query: 51.104.136.2
Source: unknown TCP traffic detected without corresponding DNS query: 51.104.136.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 51.104.136.2
Source: unknown TCP traffic detected without corresponding DNS query: 51.104.136.2
Source: unknown TCP traffic detected without corresponding DNS query: 51.104.136.2
Source: unknown TCP traffic detected without corresponding DNS query: 51.104.136.2
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=RMoaCfVTB3p4+4A&MD=rCSfcWZh HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=RMoaCfVTB3p4+4A&MD=rCSfcWZh HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /config/dobreprogramy.pl/v3.642.90.219.4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: d22gsqoq303hfz.cloudfront.netAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /assets/schema/1.0/schema.xsd HTTP/1.1Host: d22gsqoq303hfz.cloudfront.net
Source: global traffic HTTP traffic detected: GET /assets/WebAdvisor/images/943/lightBG/EN.png HTTP/1.1Host: d22gsqoq303hfz.cloudfront.net
Source: global traffic HTTP traffic detected: GET /assets/RAV_Triple_NCB/images/DOTPS-855/lightBG/EN.png HTTP/1.1Host: d22gsqoq303hfz.cloudfront.net
Source: global traffic HTTP traffic detected: GET /binaries/releases/stable/dotnet47/Screenpresso.exe HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: www.screenpresso.com
Source: global traffic HTTP traffic detected: GET /907GFfC/P6HE/screenpresso-6628595676980865-AsystentPobierania.exe HTTP/1.1Host: dakvm1hb16unn.cloudfront.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /907GFfC/P6HE/screenpresso-6628595676980865-AsystentPobierania.exe HTTP/1.1Host: dakvm1hb16unn.cloudfront.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: dakvm1hb16unn.cloudfront.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: d22gsqoq303hfz.cloudfront.net
Source: unknown HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 4710Host: login.live.com
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2404020706.000000001FBB0000.00000004.00000020.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2404020706.000000001FB20000.00000004.00000020.00020000.00000000.sdmp, chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://cert.ssl.com/DTNT-Intermediate-codeSigning-RSA-4096-R2.cer0Q
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2404020706.000000001FBB0000.00000004.00000020.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2404020706.000000001FB20000.00000004.00000020.00020000.00000000.sdmp, chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://crls.ssl.com/DTNT-Intermediate-codeSigning-RSA-4096-R2.crl0
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://crls.ssl.com/SSL.com-Enterprise-Intermediate-codeSigning-RSA-4096-R1.crl0
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://d22gsqoq303hfz.cloudfront.net
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2388458154.000000000125E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dakvm1hb16unn.cloudfront.net/907GFfC/P6HE/screenpresso-6628595676980865-AsystentPobierania.ex
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://ocsps.ssl.com0
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sakkal.com
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://www.ssl.com/repository/SSL.com-Enterprise-Intermediate-codeSigning-RSA-4096-R1.crt0
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.tiro.com
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.typography.netD
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2401925516.000000001DBF2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: https://cassinilabs.com/privacy/
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000010.00000000.1705656916.0000000000B65000.00000002.00000001.01000000.00000006.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.0000000003038000.00000004.00000800.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.0000000002FC1000.00000004.00000800.00020000.00000000.sdmp, chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/AVG_AV/files/1319/avg.zipH&_
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/AVG_AV/images/1509/lightBG/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/Avast/Avast_NCH/files/cookie_mmm_irs_ppi_005_888_h.zipH
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/Avast/cookie_mmm_irs_ppi_005_888_d.zipH&_
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/Avast/images/DOTPS-1511/lightBG/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/Opera/files/AutoReplaced/OperaSetup.zipH&_
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/Opera/images/DOTPS-496/lightBG/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/Opera/images/DOTPS-717/NCB/lightBG/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/RAV_Triple_NCB/images/DOTPS-855/lightBG/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/TotalSecurity_AV/files/1127/ts360Setup.zipH&_
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/TotalSecurity_AV/images/1127/V4/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/WebAdvisor/files/1489/saBSI.zipH&_
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/WebAdvisor/images/943/lightBG/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/WinRiser/files/1574/wrsetup.zipH&_
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/WinRiser/images/1365/new_600x250/lightBG/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/WinZip/files/1292/winzip28-dci5.zipH&_
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/WinZip/images/1077/V3/lightBG/EN.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2396362783.0000000013022000.00000004.00000800.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/assets/schema/1.0/schema.xsd
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.0000000003038000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/config/dobreprogramy.pl/v3.642.90.219.4
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.000000000317E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/report
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.000000000317E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d22gsqoq303hfz.cloudfront.net/sec
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.000000000317E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://holding.wp.pl/poufnosc
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.000000000317E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://img.dobreprogramy.pl/Images/ToolIcon/2735/20140224151938_0.png
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000032D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reasonlabs.com/policies
Source: chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: https://sectigo.com/CPS0
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2396362783.0000000013022000.00000004.00000800.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exeH&_
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.360totalsecurity.com/en/license/
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.360totalsecurity.com/en/privacy/
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avast.com/privacy-policy
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avg.com/ww-en/eula
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.avg.com/ww-en/privacy
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000032D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.opera.com/he/eula/computers
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.opera.com/he/privacy
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpre
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.000000000317E000.00000004.00000800.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000037EA000.00000004.00000800.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000032D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2404020706.000000001FBB0000.00000004.00000020.00020000.00000000.sdmp, screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2404020706.000000001FB20000.00000004.00000020.00020000.00000000.sdmp, chromecache_68.1.dr, Unconfirmed 208082.crdownload.0.dr, screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr String found in binary or memory: https://www.ssl.com/repository0
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.winriser.com/eula
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.winriser.com/privacy-policy
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.winzip.com/win/en/eula.html
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.winzip.com/win/en/privacy.html
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.000000000317E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.wp.pl/?src02=dp_desktop&src01=3t88r
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49715 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.151.70:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.73.194.208:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown HTTPS traffic detected: 108.138.24.183:443 -> 192.168.2.16:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 46.105.204.6:443 -> 192.168.2.16:49739 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing
barindex
Contains functionality to capture screen (.Net source)
Source: screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr, OptLayout.cs .Net Code: DarkenControl
Source: Unconfirmed 208082.crdownload.0.dr, OptLayout.cs .Net Code: DarkenControl
Source: chromecache_68.1.dr, OptLayout.cs .Net Code: DarkenControl
Abnormal high CPU Usage
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process Stats: CPU usage > 24%
PE file does not import any functions
Source: 86e5ee4c-60e8-477c-a64b-96871fb34572.tmp.0.dr Static PE information: No import functions for PE file found
Source: efcb6ae6-eb24-48f8-83b3-1d7d158a498d.tmp.0.dr Static PE information: No import functions for PE file found
PE file overlay found
Source: 86e5ee4c-60e8-477c-a64b-96871fb34572.tmp.0.dr Static PE information: Data appended to the last section found
Source: efcb6ae6-eb24-48f8-83b3-1d7d158a498d.tmp.0.dr Static PE information: Data appended to the last section found
Source: screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr, SingleInstance.cs Security API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
Source: screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr, SingleInstance.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr, RequirementHandlers.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr, RequirementHandlers.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr, RequirementHandlers.cs Security API names: UserUtils.IsAdministratorNoCache(WindowsIdentity.GetCurrent().Name).ToString
Source: Unconfirmed 208082.crdownload.0.dr, RequirementHandlers.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: Unconfirmed 208082.crdownload.0.dr, RequirementHandlers.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: Unconfirmed 208082.crdownload.0.dr, RequirementHandlers.cs Security API names: UserUtils.IsAdministratorNoCache(WindowsIdentity.GetCurrent().Name).ToString
Source: Unconfirmed 208082.crdownload.0.dr, SingleInstance.cs Security API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
Source: Unconfirmed 208082.crdownload.0.dr, SingleInstance.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: chromecache_68.1.dr, SingleInstance.cs Security API names: System.IO.Pipes.PipeSecurity.AddAccessRule(System.IO.Pipes.PipeAccessRule)
Source: chromecache_68.1.dr, SingleInstance.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: chromecache_68.1.dr, RequirementHandlers.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: chromecache_68.1.dr, RequirementHandlers.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: chromecache_68.1.dr, RequirementHandlers.cs Security API names: UserUtils.IsAdministratorNoCache(WindowsIdentity.GetCurrent().Name).ToString
Source: classification engine Classification label: mal64.troj.spyw.evad.win@23/16@7/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\86e5ee4c-60e8-477c-a64b-96871fb34572.tmp Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Mutant created: NULL
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Mutant created: \Sessions\1\BaseNamedObjects\MUTEX_SINGLEINSTANCEANDNAMEDPIPE
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe File created: C:\Users\user\AppData\Local\Temp\_files Jump to behavior
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://dakvm1hb16unn.cloudfront.net/907GFfC/P6HE/screenpresso-6628595676980865-AsystentPobierania.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1976,i,17971291757294283927,7401414546722355550,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1976,i,17971291757294283927,7401414546722355550,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4084 --field-trial-handle=1976,i,17971291757294283927,7401414546722355550,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe "C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe"
Source: unknown Process created: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe "C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1976,i,17971291757294283927,7401414546722355550,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1976,i,17971291757294283927,7401414546722355550,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4084 --field-trial-handle=1976,i,17971291757294283927,7401414546722355550,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: bitsproxy.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CE34C0D-0DC9-4C1F-897C-DAA1B78CEE7C}\InProcServer32 Jump to behavior
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe File opened: C:\Windows\SYSTEM32\MsftEdit.dll Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll Jump to behavior

Data Obfuscation
barindex
.NET source code contains potential unpacker
Source: screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload.0.dr, PackageExtractor.cs .Net Code: UnZip
Source: Unconfirmed 208082.crdownload.0.dr, PackageExtractor.cs .Net Code: UnZip
Source: chromecache_68.1.dr, PackageExtractor.cs .Net Code: UnZip
PE file contains an invalid checksum
Source: 86e5ee4c-60e8-477c-a64b-96871fb34572.tmp.0.dr Static PE information: real checksum: 0x150c14 should be: 0xd248
Source: efcb6ae6-eb24-48f8-83b3-1d7d158a498d.tmp.0.dr Static PE information: real checksum: 0x150c14 should be: 0x11a56
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Code function: 19_2_00007FFEB8178137 push ebx; ret 19_2_00007FFEB817813A
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Code function: 19_2_00007FFEB86123F3 push es; retn 6002h 19_2_00007FFEB8612491
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Code function: 19_2_00007FFEB8615BFA push eax; iretd 19_2_00007FFEB8615BFD
Drops PE files
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\efcb6ae6-eb24-48f8-83b3-1d7d158a498d.tmp Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 68 Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 208082.crdownload Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe (copy) Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe.crdownload Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.64.29.021.94.exe (copy) Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\86e5ee4c-60e8-477c-a64b-96871fb34572.tmp Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 68
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 68 Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Stores large binary data to the registry
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB Blob Jump to behavior
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Memory allocated: 11B0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Memory allocated: 1AFC0000 memory reserve | memory write watch Jump to behavior
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Window / User API: threadDelayed 9532 Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Window / User API: windowPlacementGot 622 Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Window / User API: windowPlacementGot 391 Jump to behavior
Is looking for software installed on the system
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Registry key enumerated: More than 238 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe TID: 1764 Thread sleep time: -20291418481080494s >= -30000s Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2396362783.0000000013022000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: </DownloadURL></DownloadURLs><Logic><Behavior>PkgDownloadAndRun</Behavior><Events><Event reportOn="PostInstall">InstallSuccess</Event></Events></Logic><Eula>https://www.360totalsecurity.com/en/license/</Eula><PrivacyPolicy>https://www.360totalsecurity.com/en/privacy/</PrivacyPolicy><Layout>ProductLayout2</Layout><RunPath>ts360Setup.exe</RunPath><RunParams><RunParam>/s</RunParam></RunParams><PreInstall><Requirements><Requirement><Type>RegistryKeyExists</Type><Delta>30</Delta><Keys logicalOp="OR"><Key>HKLM\SOFTWARE\360Safe</Key><Key>HKLM\SOFTWARE\WOW6432Node\360Safe</Key><Key>HKLM\SOFTWARE\360TotalSecurity</Key><Key>HKLM\SOFTWARE\WOW6432Node\360TotalSecurity</Key><Key>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360TotalSecurity</Key><Key>HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\360TotalSecurity</Key><Key>HKLM\SOFTWARE\VMware, Inc.</Key></Keys><Value compareOp="Equal">False</Value></Requirement></Requirements></PreInstall><CustomData></CustomData></StaticData></Product><Product optional="true"><DynamicData><Code></Code><Class>Web-Browser</Class><GroupNumber></GroupNumber><GroupName></GroupName><Skin>DOT_Opera_re_V3</Skin><InternalName>Opera_reengaged</InternalName></DynamicData><Locales><Locale name="en" default="true"><Texts><Text cid="txtDisclaimer">
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2396362783.0000000013022000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: <Key>HKLM\SOFTWARE\VMware, Inc.</Key>
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2396362783.0000000013022000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: <Key>HKLM\SOFTWARE\VMware, Inc.</Key>
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2390114579.00000000031F0000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: HKLM\SOFTWARE\VMware, Inc.
Source: screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe, 00000013.00000002.2404020706.000000001FB20000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process information queried: ProcessInformation Jump to behavior
Enables debug privileges
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Memory allocated: page read and write | page guard Jump to behavior
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userbril.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userbrili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Adds / modifies Windows certificates
Source: C:\Users\user\Downloads\screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB Blob Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1500133 URL: http://dakvm1hb16unn.cloudf... Startdate: 28/08/2024 Architecture: WINDOWS Score: 64 39 www.google.com 2->39 41 d22gsqoq303hfz.cloudfront.net 2->41 51 Multi AV Scanner detection for dropped file 2->51 53 .NET source code contains potential unpacker 2->53 55 Machine Learning detection for dropped file 2->55 57 2 other signatures 2->57 7 chrome.exe 21 2->7         started        11 screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe 14 4 2->11         started        13 rundll32.exe 2->13         started        15 screenpresso-6628595676980865-AsystentPobierania_v3.642.90.219.4.exe 2->15         started        signatures3 process4 dnsIp5 43 192.168.2.16, 138, 443, 49698 unknown unknown 7->43 45 192.168.2.4 unknown unknown 7->45 47 239.255.255.250 unknown Reserved 7->47 27 screenpresso-66285...90.219.4.exe (copy), PE32 7->27 dropped 29 screenpresso-66285...1.94.exe.crdownload, PE32 7->29 dropped 31 screenpresso-66285...9.021.94.exe (copy), PE32 7->31 dropped 33 3 other malicious files 7->33 dropped 17 chrome.exe 7->17         started        21 chrome.exe 7->21         started        23 chrome.exe 7->23         started        49 d22gsqoq303hfz.cloudfront.net 108.138.24.183, 443, 49732, 49733 AMAZON-02US United States 11->49 file6 process7 dnsIp8 35 dakvm1hb16unn.cloudfront.net 18.165.185.224, 49705, 49706, 49728 MIT-GATEWAYSUS United States 17->35 37 www.google.com 216.58.206.68, 443, 49710, 49727 GOOGLEUS United States 17->37 25 Chrome Cache Entry: 68, PE32 17->25 dropped file9
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
18.165.185.224
 dakvm1hb16unn.cloudfront.net United States
3 MIT-GATEWAYSUS false
108.138.24.183
 d22gsqoq303hfz.cloudfront.net United States
16509 AMAZON-02US false
239.255.255.250
 unknown Reserved
unknown unknown false
216.58.206.68
 www.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.16
192.168.2.4

Contacted Domains

Name IP Active
dakvm1hb16unn.cloudfront.net 18.165.185.224 true
www.google.com 216.58.206.68 true
d22gsqoq303hfz.cloudfront.net 108.138.24.183 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://d22gsqoq303hfz.cloudfront.net/config/dobreprogramy.pl/v3.642.90.219.4 false
  • Avira URL Cloud: safe
 unknown
https://d22gsqoq303hfz.cloudfront.net/assets/schema/1.0/schema.xsd false
  • Avira URL Cloud: safe
 unknown
https://d22gsqoq303hfz.cloudfront.net/assets/RAV_Triple_NCB/images/DOTPS-855/lightBG/EN.png false
  • Avira URL Cloud: safe
 unknown
https://d22gsqoq303hfz.cloudfront.net/report false
  • Avira URL Cloud: safe
 unknown
https://www.screenpresso.com/binaries/releases/stable/dotnet47/Screenpresso.exe false
  • Avira URL Cloud: safe
 unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw false
  • Avira URL Cloud: safe
 unknown
https://d22gsqoq303hfz.cloudfront.net/assets/WebAdvisor/images/943/lightBG/EN.png false
  • Avira URL Cloud: safe
 unknown
https://d22gsqoq303hfz.cloudfront.net/sec false
  • Avira URL Cloud: safe
 unknown
http://dakvm1hb16unn.cloudfront.net/907GFfC/P6HE/screenpresso-6628595676980865-AsystentPobierania.exe false
    		unknown