| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\part1.zip | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Main.txt | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\part1.zip.bin | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ThirdPartyNotices.txt | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\com.microsoft.defender.be.chrome.json | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\com.microsoft.defender.be.firefox.json | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-AMFilter.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-NIS.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-Protection.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-RTP.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-Service.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Windows-Windows Defender.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\mpextms.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MsMpEng.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ProtectionManagement.mof | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ProtectionManagement_Uninstall.mof | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ConfigSecurityPolicy.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpCmdRun.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpCopyAccelerator.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDefenderCoreService.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDlpCmd.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDlpService.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpSenseComm.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpUpdate.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpUxAgent.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MsMpLics.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ProtectionManagement.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\DefenderCSP.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpAsDesc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpCommu.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDetours.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDetoursCopyAccelerator.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpEvMsg.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpOAV.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pack01.zip | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\dllhost2.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\en-EN | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\en-EN\MpClient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\en-EN\MpDlpCmd.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\MpAsDesc.dll.mui | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\MpClient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\MpDlpCmd2.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\MpEvMsg.dll.mui | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\mpuxagent.dll.mui | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\ProtectionManagement.dll.mui | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Catalogs | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Catalogs\IGD.CAT | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers\WdBoot.sys | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers\WdDevFlt.sys | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers\WdFilter.sys | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers\WdNisDrv.sys | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\Defender.psd1 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\DefenderPerformance.psd1 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpComputerStatus.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceRecording.psm1 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceRecording.wprp | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceReport.Format.ps1xml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPreference.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpRollback.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpScan.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpSignature.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreat.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreatCatalog.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreatDetection.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpWDOScan.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpClient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDefenderCoreService.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\BlanketFolding | Jump to behavior |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcomp140d.i386.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: NisSrv.pdb source: dllhost2.exe.10.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcamp140.i386.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: netstandard.pdb.mdb source: Update.exe |
| Source: | Binary string: VaultRoaming.pdbUGP source: VaultRoaming.dll.2.dr |
| Source: | Binary string: WdBoot.pdb source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4072000.00000004.00000800.00020000.00000000.sdmp, Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4035000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\NewHorizon\x64\Release\NewHorizon.pdb source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA3CB5000.00000004.00000800.00020000.00000000.sdmp, MpClient.dll0.10.dr |
| Source: | Binary string: vcamp120.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140d.amd64.pdb/// source: Update.exe, 00000002.00000002.1733253754.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, vcruntime140d.dll.2.dr |
| Source: | Binary string: MpSenseComm.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcamp140.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: vcamp120.i386.pdb8P source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpDetours.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8C992000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr, MpDetours.dll.10.dr |
| Source: | Binary string: slpts.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002929000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002950000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: MpUxAgent.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpCommu.pdbGCTL source: MpCommu.dll.10.dr |
| Source: | Binary string: shellext.pdbOGPS source: shellext.dll.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcomp140.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpUxAgent.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: WdNisDrv.pdb source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4105000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: MsMpEng.pdbGCTL source: MsMpEng.exe.10.dr |
| Source: | Binary string: SmartcardCredentialProvider.pdb source: SmartcardCredentialProvider.dll.2.dr |
| Source: | Binary string: VaultRoaming.pdb source: VaultRoaming.dll.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, vcruntime140.dll.2.dr |
| Source: | Binary string: PhotoViewer.pdb source: PhotoViewer.dll.2.dr |
| Source: | Binary string: vccorlib120.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: slpts.pdbL source: Update.exe, 00000002.00000002.1733253754.0000000002929000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002950000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcomp140d.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140d.amd64.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, vcruntime140d.dll.2.dr |
| Source: | Binary string: MpUpdate.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpOAV.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpOAV.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002A16000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.00000000029EB000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcomp140.i386.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpDetoursCopyAccelerator.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA79000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: vccorlib120.i386.pdb0 source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1d.amd64.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: DefenderCSP.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8C992000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: shellext.pdb source: shellext.dll.2.dr |
| Source: | Binary string: vcomp120.i386.pdb0' source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: WdNisDrv.pdbGCTL source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4105000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: PhotoViewer.pdb@WH source: PhotoViewer.dll.2.dr |
| Source: | Binary string: MpDlpCmd.pdbGCTL source: MpDlpCmd2.exe.10.dr |
| Source: | Binary string: version.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002B24000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002AFD000.00000004.00000800.00020000.00000000.sdmp, version.dll.2.dr |
| Source: | Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: 0039284903284902840932890840928091#U00aaharder.exe |
| Source: | Binary string: MpDetours.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8C992000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr, MpDetours.dll.10.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\vccorlib140.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: SLWGA.pdb source: Update.exe, 00000002.00000002.1733253754.000000000295C000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: vcomp120.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpSenseComm.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpCommu.pdb source: MpCommu.dll.10.dr |
| Source: | Binary string: MpDetoursCopyAccelerator.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA79000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dllb.pdb source: Treatments?Secure.exe, 00000003.00000002.1754544140.000002CB8D02D000.00000004.00000020.00020000.00000000.sdmp |
| Source: | Binary string: WdBoot.pdbGCTL source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4072000.00000004.00000800.00020000.00000000.sdmp, Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4035000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: NisSrv.pdbGCTL source: dllhost2.exe.10.dr |
| Source: | Binary string: MpDlpCmd.pdb source: MpDlpCmd2.exe.10.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1d.amd64.pdb""" source: Update.exe, 00000002.00000002.1733253754.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: MsMpEng.pdb source: MsMpEng.exe.10.dr |
| Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb source: Treatments?Secure.exe, 00000003.00000002.1761057385.000002CBA92BD000.00000004.00000020.00020000.00000000.sdmp |
| Source: | Binary string: MpUpdate.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: SLWGA.pdbH source: Update.exe, 00000002.00000002.1733253754.000000000295C000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\vccorlib140.i386.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\ScreenTake\x64\Release\ScreenTake.pdb source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA3CB5000.00000004.00000800.00020000.00000000.sdmp, MpDefenderCoreService.dll.10.dr |
| Source: | Binary string: DefenderCSP.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8C992000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: dllhost2.exe.10.dr | String found in binary or memory: http://canonicalizer.ucsuri.tcs/68007400740070003a002f002f00httpsftp://map/set |
| Source: svchost.exe, 00000005.00000002.2921480958.000001DFCE000000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver) |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002BBC000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002757000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/TreatmentsSecure.nuspec |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/TreatmentsSecure.nuspecz |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/_rels/.rels |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/AMMonitoringProvider.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/ImagingEngine.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/MpDetoursCopyAccelerator.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/MpOAV.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/PhotoAcq.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/PhotoBase.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/PhotoViewer.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/Readme.txt |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/SmartCardSimulator.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/SmartcardCredentialProvider.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/Treatments?Secure.exe |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/Treatments?Secure.exez |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/Treatments?Secure_ExecutionStub.exe |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/VaultRoaming.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/aeevts.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/aeinv.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/aelupsvc.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/aelupsvc.dllz |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/aepdu.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/part1.cab |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/shellext.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/slpts.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/slpts.dllz |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/slwga.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/vcruntime140.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/vcruntime140_1.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/vcruntime140_1d.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/vcruntime140d.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/verifier.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/lib/net48/version.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002BBC000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002757000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/package/services/metadata/core-properties/1fd1c4030bbc455c86f64fbcf96402fa.p |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.bsdiff |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.cab |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.diff |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.dll |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.exe |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.nuspec |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcp |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.rels |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.shasum |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002B8B000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://defaultcontainer/tempfiles/sample.txt |
| Source: MpCommu.dll.10.dr | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest |
| Source: MpCommu.dll.10.dr | String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd |
| Source: svchost.exe, 00000005.00000003.1727609289.000001DFCE218000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU |
| Source: edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5 |
| Source: edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n |
| Source: edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/ |
| Source: svchost.exe, 00000005.00000003.1727609289.000001DFCE218000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567 |
| Source: svchost.exe, 00000005.00000003.1727609289.000001DFCE218000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg |
| Source: svchost.exe, 00000005.00000003.1727609289.000001DFCE24D000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe |
| Source: edb.log.5.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
| Source: Update.exe, 00000002.00000002.1733253754.0000000002730000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.openxmlformats.or |
| Source: MpCommu.dll.10.dr | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous |
| Source: Treatments?Secure.exe, 00000003.00000002.1758368532.000002CB8ECA1000.00000004.00000800.00020000.00000000.sdmp, Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA3B11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
| Source: Treatments?Secure.exe, 00000003.00000002.1758368532.000002CB8ECA1000.00000004.00000800.00020000.00000000.sdmp, Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA3B11000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/schoolDataSet.xsd |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
| Source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr | String found in binary or memory: http://www.validationtest.contoso.com/test%ld.htmlMpOAV_ForceDeepScan |
| Source: Treatments?Secure.exe, 00000003.00000002.1759843144.000002CBA87B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
| Source: Update.exe | String found in binary or memory: https://api.github.com/# |
| Source: svchost.exe, 00000005.00000003.1727609289.000001DFCE2C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6 |
| Source: edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/Prod.C: |
| Source: edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2 |
| Source: edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C: |
| Source: svchost.exe, 00000005.00000003.1727609289.000001DFCE2C2000.00000004.00000800.00020000.00000000.sdmp, edb.log.5.dr | String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96 |
| Source: Update.exe | String found in binary or memory: https://github.com/myuser/myrepo |
| Source: svchost.exe, 00000005.00000003.1727609289.000001DFCE2C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.5.dr, edb.log.5.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe |
| Source: edb.log.5.dr | String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C: |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: sxs.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: logoncli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: dwrite.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: msvcp140_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: linkinfo.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: ntshrui.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: cscapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: appresolver.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: slc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: sppc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: wtsapi32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: winsta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: powrprof.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: umpdc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: dwmapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: d3d9.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: d3d10warp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: textshaping.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: dataexchange.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: d3d11.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: dcomp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: dxgi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: msctfui.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: uiautomationcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: dxcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: sxs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Section loaded: explorerframe.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: dwrite.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: textshaping.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: appresolver.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: slc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: sppc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: pcacli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: sfc_os.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: windowscodecs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll | Jump to behavior |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Windows\System32\cmd.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: mscoree.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: vcruntime140_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: ucrtbase_clr0400.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: cryptsp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: rsaenh.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: cryptbase.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: dwrite.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: textshaping.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: appresolver.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: slc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: sppc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Windows\System32\shutdown.exe | Section loaded: shutdownext.dll | |
| Source: C:\Windows\System32\shutdown.exe | Section loaded: sspicli.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: licensemanagersvc.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: licensemanager.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: clipc.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\part1.zip | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Main.txt | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\part1.zip.bin | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ThirdPartyNotices.txt | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\com.microsoft.defender.be.chrome.json | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\com.microsoft.defender.be.firefox.json | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-AMFilter.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-NIS.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-Protection.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-RTP.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Antimalware-Service.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Microsoft-Windows-Windows Defender.man | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\mpextms.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MsMpEng.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ProtectionManagement.mof | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ProtectionManagement_Uninstall.mof | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ConfigSecurityPolicy.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpCmdRun.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpCopyAccelerator.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDefenderCoreService.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDlpCmd.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDlpService.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpSenseComm.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpUpdate.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpUxAgent.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MsMpLics.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\ProtectionManagement.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\DefenderCSP.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpAsDesc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpCommu.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDetours.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDetoursCopyAccelerator.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpEvMsg.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpOAV.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pack01.zip | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\dllhost2.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\en-EN | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\en-EN\MpClient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\en-EN\MpDlpCmd.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\MpAsDesc.dll.mui | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\MpClient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\MpDlpCmd2.exe | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\MpEvMsg.dll.mui | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\mpuxagent.dll.mui | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\pt-BR\ProtectionManagement.dll.mui | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Catalogs | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Catalogs\IGD.CAT | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers\WdBoot.sys | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers\WdDevFlt.sys | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers\WdFilter.sys | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Drivers\WdNisDrv.sys | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\Defender.psd1 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\DefenderPerformance.psd1 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpComputerStatus.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceRecording.psm1 | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceRecording.wprp | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPerformanceReport.Format.ps1xml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpPreference.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpRollback.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpScan.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpSignature.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreat.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreatCatalog.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpThreatDetection.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\Powershell\MSFT_MpWDOScan.cdxml | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpClient.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\Statistical Flexibility\MpDefenderCoreService.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Directory created: C:\Program Files\BlanketFolding | Jump to behavior |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcomp140d.i386.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: NisSrv.pdb source: dllhost2.exe.10.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcamp140.i386.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: netstandard.pdb.mdb source: Update.exe |
| Source: | Binary string: VaultRoaming.pdbUGP source: VaultRoaming.dll.2.dr |
| Source: | Binary string: WdBoot.pdb source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4072000.00000004.00000800.00020000.00000000.sdmp, Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4035000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\NewHorizon\x64\Release\NewHorizon.pdb source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA3CB5000.00000004.00000800.00020000.00000000.sdmp, MpClient.dll0.10.dr |
| Source: | Binary string: vcamp120.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140d.amd64.pdb/// source: Update.exe, 00000002.00000002.1733253754.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, vcruntime140d.dll.2.dr |
| Source: | Binary string: MpSenseComm.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcamp140.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: vcamp120.i386.pdb8P source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpDetours.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8C992000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr, MpDetours.dll.10.dr |
| Source: | Binary string: slpts.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002929000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002950000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: MpUxAgent.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpCommu.pdbGCTL source: MpCommu.dll.10.dr |
| Source: | Binary string: shellext.pdbOGPS source: shellext.dll.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcomp140.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpUxAgent.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: WdNisDrv.pdb source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4105000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: MsMpEng.pdbGCTL source: MsMpEng.exe.10.dr |
| Source: | Binary string: SmartcardCredentialProvider.pdb source: SmartcardCredentialProvider.dll.2.dr |
| Source: | Binary string: VaultRoaming.pdb source: VaultRoaming.dll.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002A3D000.00000004.00000800.00020000.00000000.sdmp, vcruntime140.dll.2.dr |
| Source: | Binary string: PhotoViewer.pdb source: PhotoViewer.dll.2.dr |
| Source: | Binary string: vccorlib120.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: slpts.pdbL source: Update.exe, 00000002.00000002.1733253754.0000000002929000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002950000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcomp140d.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140d.amd64.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002A8A000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002A63000.00000004.00000800.00020000.00000000.sdmp, vcruntime140d.dll.2.dr |
| Source: | Binary string: MpUpdate.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpOAV.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpOAV.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\StubExecutable.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002A16000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.00000000029EB000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\\vcomp140.i386.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpDetoursCopyAccelerator.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA79000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: vccorlib120.i386.pdb0 source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1d.amd64.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: DefenderCSP.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8C992000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: shellext.pdb source: shellext.dll.2.dr |
| Source: | Binary string: vcomp120.i386.pdb0' source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: WdNisDrv.pdbGCTL source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4105000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: PhotoViewer.pdb@WH source: PhotoViewer.dll.2.dr |
| Source: | Binary string: MpDlpCmd.pdbGCTL source: MpDlpCmd2.exe.10.dr |
| Source: | Binary string: version.pdb source: Update.exe, 00000002.00000002.1733253754.0000000002B24000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002AFD000.00000004.00000800.00020000.00000000.sdmp, version.dll.2.dr |
| Source: | Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: 0039284903284902840932890840928091#U00aaharder.exe |
| Source: | Binary string: MpDetours.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8C992000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr, MpDetours.dll.10.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\vccorlib140.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: SLWGA.pdb source: Update.exe, 00000002.00000002.1733253754.000000000295C000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: vcomp120.i386.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpSenseComm.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA95000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: MpCommu.pdb source: MpCommu.dll.10.dr |
| Source: | Binary string: MpDetoursCopyAccelerator.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CA79000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dllb.pdb source: Treatments?Secure.exe, 00000003.00000002.1754544140.000002CB8D02D000.00000004.00000020.00020000.00000000.sdmp |
| Source: | Binary string: WdBoot.pdbGCTL source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4072000.00000004.00000800.00020000.00000000.sdmp, Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA4035000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: NisSrv.pdbGCTL source: dllhost2.exe.10.dr |
| Source: | Binary string: MpDlpCmd.pdb source: MpDlpCmd2.exe.10.dr |
| Source: | Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1d.amd64.pdb""" source: Update.exe, 00000002.00000002.1733253754.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp, Update.exe, 00000002.00000002.1733253754.0000000002AB1000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: MsMpEng.pdb source: MsMpEng.exe.10.dr |
| Source: | Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.pdb source: Treatments?Secure.exe, 00000003.00000002.1761057385.000002CBA92BD000.00000004.00000020.00020000.00000000.sdmp |
| Source: | Binary string: MpUpdate.pdb source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: SLWGA.pdbH source: Update.exe, 00000002.00000002.1733253754.000000000295C000.00000004.00000800.00020000.00000000.sdmp |
| Source: | Binary string: D:\a\_work\1\s\\binaries\x86ret\bin\i386\vccorlib140.i386.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8CC14000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: | Binary string: C:\Users\DeveloperSys\Documents\Embarcadero\Studio\Projects\DLL New Completa\Projeto C++\ScreenTake\x64\Release\ScreenTake.pdb source: Treatments?Secure.exe, 0000000A.00000002.2921626182.0000024FA3CB5000.00000004.00000800.00020000.00000000.sdmp, MpDefenderCoreService.dll.10.dr |
| Source: | Binary string: DefenderCSP.pdbGCTL source: Treatments?Secure.exe, 00000003.00000000.1714161486.000002CB8C992000.00000002.00000001.01000000.00000008.sdmp, Treatments?Secure.exe.2.dr |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpDetours.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140_1d.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140_1.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpDefenderCoreService.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\dllhost2.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\pt-BR\MpDlpCmd2.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpUpdate.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\DefenderCSP.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoBase.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoAcq.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aeinv.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aelupsvc.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpDlpCmd.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\en-EN\MpClient.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpCopyAccelerator.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\shellext.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\ProtectionManagement.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\pt-BR\mpuxagent.dll.mui | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\MpOAV.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpDlpService.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MsMpLics.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\verifier.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\pt-BR\MpEvMsg.dll.mui | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpUxAgent.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\pt-BR\MpAsDesc.dll.mui | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MsMpEng.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\ConfigSecurityPolicy.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpCmdRun.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\Drivers\WdDevFlt.sys | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\mpextms.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\SmartCardSimulator.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\VaultRoaming.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\pt-BR\ProtectionManagement.dll.mui | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpOAV.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\version.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\Drivers\WdFilter.sys | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\SmartcardCredentialProvider.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\slpts.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpDetoursCopyAccelerator.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\ImagingEngine.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\AMMonitoringProvider.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\Drivers\WdBoot.sys | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpSenseComm.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\pt-BR\MpClient.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aepdu.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aeevts.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\Update.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\Drivers\WdNisDrv.sys | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\slwga.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\Treatments?Secure.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpDefenderCoreService.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140d.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoViewer.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpAsDesc.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpClient.dll | Jump to dropped file |
| Source: C:\Users\user\Desktop\0039284903284902840932890840928091#U00aaharder.exe | File created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpCommu.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\en-EN\MpDlpCmd.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | File created: C:\Program Files\Statistical Flexibility\MpEvMsg.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | File created: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\MpDetoursCopyAccelerator.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Process information set: NOOPENFILEERRORBOX | Jump to behavior |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpDetours.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140_1d.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\pt-BR\MpDlpCmd2.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140_1.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\dllhost2.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpDefenderCoreService.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpUpdate.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\DefenderCSP.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoBase.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoAcq.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aeinv.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aelupsvc.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpDlpCmd.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\en-EN\MpClient.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpCopyAccelerator.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\shellext.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\ProtectionManagement.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\pt-BR\mpuxagent.dll.mui | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\MpOAV.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpDlpService.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MsMpLics.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\pt-BR\MpEvMsg.dll.mui | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\verifier.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpUxAgent.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\pt-BR\MpAsDesc.dll.mui | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MsMpEng.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\ConfigSecurityPolicy.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpCmdRun.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\mpextms.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\Drivers\WdDevFlt.sys | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\pt-BR\ProtectionManagement.dll.mui | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\SmartCardSimulator.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\VaultRoaming.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpOAV.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\Drivers\WdFilter.sys | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\SmartcardCredentialProvider.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\slpts.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpDetoursCopyAccelerator.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\ImagingEngine.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\Drivers\WdBoot.sys | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\AMMonitoringProvider.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpSenseComm.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\pt-BR\MpClient.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\Drivers\WdNisDrv.sys | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aepdu.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\aeevts.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\Treatments?Secure.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\slwga.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpDefenderCoreService.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\vcruntime140d.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\PhotoViewer.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpAsDesc.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpClient.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpCommu.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\en-EN\MpDlpCmd.exe | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\Treatments?Secure.exe | Dropped PE file which has not been started: C:\Program Files\Statistical Flexibility\MpEvMsg.dll | Jump to dropped file |
| Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\TreatmentsSecure\app-1.0.0\MpDetoursCopyAccelerator.dll | Jump to dropped file |
Edit tour
0039284903284902840932890840928091#U00aaharder.exe (PID: 6252 cmdline: 
Update.exe (PID: 6544 cmdline: 
cmd.exe (PID: 6580 cmdline: 
