Windows Analysis Report
petst.exe

Overview

General Information

Sample name: petst.exe
Analysis ID: 1524335
MD5: 2ed275f10d8631382b8339e77e686261
SHA1: 78ce6c52ed9afaf4f3f2fda4f74bd9746d65ff6a
SHA256: be8f19006c6f15ed374ac71a99ce7ea0fc4426d453ead4ecef25a6a87efd755c
Infos:

Detection

Score: 38
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Queries disk data (e.g. SMART data)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive port information (via WMI, Win32_SerialPort, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Binary contains a suspicious time stamp
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files

Classification

Uses 32bit PE files
Source: petst.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.PassMark Software Pty Ltd (PassMark)End User License Agreement (EULA)IMPORTANT! PLEASE READ THE FOLLOWING TERMS AND CONDITIONS.YOU THE INSTALLER OF THIS SOFTWARE AGREE THAT ALL OF THE TERMS AND CONDITIONS DESCRIBED BELOW APPLY TO YOU AND ANYONE ELSE WHO USES THIS SOFTWARE IF EITHER;YOU CLICK THE ACCEPT BUTTON OR YOU COPY INSTALL OR USE THIS COPY OF PASSMARK SOFTWARE OR YOU PERMIT OR ENABLE OTHERS TO COPY INSTALL OR USE THIS PASSMARK SOFTWARE.IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS AND CONDITIONS DESCRIBED BELOW PLEASE TERMINATE INSTALLATION IMMEDIATELY AND DO NOT USE THIS SOFTWARE.SOFTWARE COVERED BY THIS LICENCEThis license agreement (Agreement) applies only to the version of the software package PerformanceTest V11 with which this Agreement is included. Different license terms may apply to other software packages from PassMark and license terms for later versions of PerformanceTest may also be changed.TITLEPassMark or its licensors own the PerformanceTest software package including all materials included with the package. PassMark owns the names and marks of PassMark PerformanceTest under copyright trademark and intellectual property laws and all other applicable laws.TERMINATIONThis license will terminate automatically if you fail to comply with any of the terms and conditions limitations and obligations described herein. On termination you must destroy all copies of the PassMark package and all other materials downloaded as part of the package.Trial VersionIf you are using a trial version of PerformanceTest then you must uninstall the software after the trial period of thirty (30) days has elapsed.DISCLAIMER OF WARRANTYPassMark disclaims any and all warranties express or implied including any implied warranties as to merchantability or fitness for a particular purpose. You acknowledge and agree that you had full opportunity to test PerformanceTest before any live public or production use that you assume full responsibility for selecting and using PerformanceTest and any files that may created through the use of PerformanceTest and that if you use PerformanceTest improperly or against instructions you can cause damage to your files software data or business. The entire risk as to quality and performance of PerformanceTest is borne by you. This disclaimer of warranty constitutes an essential part of the agreement. Some jurisdictions do allow exclusions of an implied warranty so this disclaimer may not apply to you and you may have other legal rights that vary by jurisdiction.LIMITATION OF LIABILITYIn no event shall PassMark its officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of PerformanceTest f
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.PassMark Software Pty Ltd (PassMark)End User License Agreement (EULA)IMPORTANT! PLEASE READ THE FOLLOWING TERMS AND CONDITIONS.YOU THE INSTALLER OF THIS SOFTWARE AGREE THAT ALL OF THE TERMS AND CONDITIONS DESCRIBED BELOW APPLY TO YOU AND ANYONE ELSE WHO USES THIS SOFTWARE IF EITHER;YOU CLICK THE ACCEPT BUTTON OR YOU COPY INSTALL OR USE THIS COPY OF PASSMARK SOFTWARE OR YOU PERMIT OR ENABLE OTHERS TO COPY INSTALL OR USE THIS PASSMARK SOFTWARE.IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS AND CONDITIONS DESCRIBED BELOW PLEASE TERMINATE INSTALLATION IMMEDIATELY AND DO NOT USE THIS SOFTWARE.SOFTWARE COVERED BY THIS LICENCEThis license agreement (Agreement) applies only to the version of the software package PerformanceTest V11 with which this Agreement is included. Different license terms may apply to other software packages from PassMark and license terms for later versions of PerformanceTest may also be changed.TITLEPassMark or its licensors own the PerformanceTest software package including all materials included with the package. PassMark owns the names and marks of PassMark PerformanceTest under copyright trademark and intellectual property laws and all other applicable laws.TERMINATIONThis license will terminate automatically if you fail to comply with any of the terms and conditions limitations and obligations described herein. On termination you must destroy all copies of the PassMark package and all other materials downloaded as part of the package.Trial VersionIf you are using a trial version of PerformanceTest then you must uninstall the software after the trial period of thirty (30) days has elapsed.DISCLAIMER OF WARRANTYPassMark disclaims any and all warranties express or implied including any implied warranties as to merchantability or fitness for a particular purpose. You acknowledge and agree that you had full opportunity to test PerformanceTest before any live public or production use that you assume full responsibility for selecting and using PerformanceTest and any files that may created through the use of PerformanceTest and that if you use PerformanceTest improperly or against instructions you can cause damage to your files software data or business. The entire risk as to quality and performance of PerformanceTest is borne by you. This disclaimer of warranty constitutes an essential part of the agreement. Some jurisdictions do allow exclusions of an implied warranty so this disclaimer may not apply to you and you may have other legal rights that vary by jurisdiction.LIMITATION OF LIABILITYIn no event shall PassMark its officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of PerformanceTest f
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-7N7GA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-R957H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-6CSRR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-JQA2K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-GC7AO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-3U9IO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-0QCMU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-GJRP5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-T9C6F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-SDVKA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-NLFHM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-8DGTT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-63OP6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-FFCOU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-UMOBR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-CQ0FJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-4FNSM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-TPV1C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-KC594.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-JQP10.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-JVAEM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BTJ2D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-CHTH9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BSMOR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BHLGV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-FFQ4P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-PKFG3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-71PHT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-C3G98.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-5U057.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3BELA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-B7QQU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-7GI1A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-5KHKG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-2THKK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-SS3MK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BM06S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3B1NB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3TG5S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-1C2RQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-55SBN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-D5G6G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-HG14O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-V32L6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-KRI5I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-4QFEO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-VAOH0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-84V1G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-S15E6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-AEAGR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-5S5ED.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-5LRJH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-AM03A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-HJB1G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-HCG4N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-0UPI0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3606N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-1UV9G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-B7NVL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-FVDNM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-F25U4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-D405I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-D0HEV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-ISMJA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-8A1JA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-B1N6E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-KS46E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-NSI7L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-2M1K0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-MO4GU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-QN8TQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-2UKBF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-8J0HV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-CH4TN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-DK7GQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-V1S9E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-6UJ2U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-JENPJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-91KV6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-67B0D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BKM0M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3E55A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-PAHCN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-M1P32.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-1TS8U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-1G3LJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-EV615.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-E2CO5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-0ESTF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-JLUJ7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-87387.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-TIFQF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-49140.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-M3RQT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-0BUHL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox\is-EA5ON.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox\is-SBI69.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox\is-2O1TD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox\is-SDGH8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Structures Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Structures\is-1K1LM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Structures\is-H67I4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-56TVG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-KEIUN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-TDS83.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-RSKP6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-SC9PU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Transparency Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Transparency\is-1AULR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\UI Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\UI\is-EM9QN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\misc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\misc\is-8ANHA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\UI\is-J1HPE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\models Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\models\FaceDetect Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\models\FaceDetect\is-U69MC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\models\FaceDetect\is-ENGC9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\is-5Q5K5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-18QUP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-L4541.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-0UTFI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-HOQVI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-FT8UM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-MOR6I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-6HSBA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-G07L6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-VO41T.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-43D9O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-DFBQ7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-BTTQR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-TQV57.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-Q0HTB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-8EKB4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-6CVQ9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-METPC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-M6IL2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-5AU0N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-RGE17.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-08Q33.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-KQA8L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-VC6HO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-JUL1E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-12AR5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-ED2JT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-ISN90.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-TDRGL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-LO9E9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-5JIMI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-VRR56.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-DHG8L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-ETNT7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-S5SKB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-GTKP3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-QOO75.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-RK6SO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-EOBL0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-47KBE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-UTSDU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-3ORLK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-UTI4A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-RQDN0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-UMO2N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-RMM4I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-R17I1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-2OEAH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-PM6F9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-2DMQB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-RC6HR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-SPJ8N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-EEH1B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-3V4RM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-K1ARJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-TRV8D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-64TAM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-1EK1B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-33FAV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-F1GK9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-35R11.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-88AO3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-AKBVN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-EANB3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-MAHU5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-9S80M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-DSJTK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-UUAVK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-5VFVP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-DU9FR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-HCJCE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-7E0OJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-QRN7M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-VRHEB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-56DNS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-381GP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-DPBRJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-1KCOT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-90RFM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-L5VMT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-PV259.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-LBP09.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-1J87L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-G8DDO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-VACIF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-MRA99.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-UQGNH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-KFIC2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-8B9KU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-6SHCI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-Q70R1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-511SH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-F0I2D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-HN1MU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-T3HHT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-5AGU0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-456KL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-23N95.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-656VU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-IHC35.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-4UU9D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-QKSNU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-DKECS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-MVDIO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-HTK2E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-MJHC2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-FUS4E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-SSJ7I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-2RL5F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-S1F28.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-E29MC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-E5KGA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-RFES8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-GGGB8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-R0JMF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-MFOFP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-BTSKJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-9UMBR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-MCNSE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-59BSM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-GTM05.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-T7ESP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-R0J42.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-L7N1Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-ERSKP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-JPQAP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-HBVD3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-6HJTS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-BHAC4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-Q3HMK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-TCHR8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-1N43L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-HOV41.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-01CL1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-6UOM9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-066PT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-INEU5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-D47EO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-4NP9V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-0CERA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-03G0A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-HR90I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-OOE62.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-ILOMN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-2V8K8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-7J8R7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-M94U9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-KO0EQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-QIT7M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-OQL3E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-GESAC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-ORNQB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-MNUCD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-IQOI0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-P9264.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-UHS43.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-95MO4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-AM0JK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-08HH9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-A6CAP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-HEP4K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-6R392.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-8FGFI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-GVV16.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-EVEFK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-6T573.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-LAE8N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-MSOE1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-C0649.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\unins000.msg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PerformanceTest 11_is1 Jump to behavior
Source: petst.exe Static PE information: certificate valid
Source: unknown HTTPS traffic detected: 216.146.212.71:443 -> 192.168.11.20:49768 version: TLS 1.2
Source: petst.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\opencv-build\bin\Release\opencv_imgproc460.pdb source: petst.tmp, 00000002.00000003.44920361218.0000000005B90000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\PerformanceTest\_Build\Release\debug64\PerformanceTest\PerformanceTest64.pdb source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d3d11ref.pdb"; source: petst.tmp, 00000002.00000003.44920361218.0000000005B90000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d3d11ref.pdb source: petst.tmp, 00000002.00000003.44920361218.0000000005B90000.00000004.00001000.00020000.00000000.sdmp
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /baselines/V10/modelList.php?key=TRIAL_DAY0&type=cpu HTTP/1.1Accept-Encoding: gzip,deflateUser-Agent: PerformanceTest - passmark.comHost: www.passmark.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /baselines/V10/modelList.php?key=TRIAL_DAY0&type=gpu HTTP/1.1Accept-Encoding: gzip,deflateUser-Agent: PerformanceTest - passmark.comHost: www.passmark.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /baselines/V10/modelList.php?key=TRIAL_DAY0&type=ram HTTP/1.1Accept-Encoding: gzip,deflateUser-Agent: PerformanceTest - passmark.comHost: www.passmark.comCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /baselines/V10/modelList.php?key=TRIAL_DAY0&type=hdd HTTP/1.1Accept-Encoding: gzip,deflateUser-Agent: PerformanceTest - passmark.comHost: www.passmark.comCache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: www.passmark.com
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://creativecommons.org/licenses/publicdomain/
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://creativecommons.org/ns#
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://creativecommons.org/ns#DerivativeWorks
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://creativecommons.org/ns#Distribution
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://creativecommons.org/ns#Reproduction
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.sectigo.com0
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://openclipart.org/
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://openclipart.org/detail/140179/mustang-500gt-by-rents
Source: petst.tmp, 00000002.00000003.44920361218.0000000005F79000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://opencv.org/D
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sozi.baierouge.fr
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.inkscape.org/namespaces/inkscape
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://http://HTTP/1.0HttpSendRequestThread
Source: petst.exe, 00000000.00000000.44364781501.0000000000401000.00000020.00000001.01000000.00000003.sdmp String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.00000000033EE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://openclipart.org/detail/188361/a-10-thunderbolt-by-charner1963-188361
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sectigo.com/CPS0
Source: PerformanceTest64.exe, 00000006.00000003.44935228125.0000000002352000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44920045860.0000000002312000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cpubenchmark.net
Source: PerformanceTest64.exe, 00000006.00000003.44935228125.0000000002352000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cpubenchmark.net;
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.cpubenchmark.netPA
Source: PerformanceTest64.exe, 00000006.00000003.44935228125.0000000002352000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cpubenchmark.net_
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cpubenchmark.netopenhttps://www.passmark.com/baselinesPerformanceTest%0.1fthstndrdth%d%s
Source: PerformanceTest64.exe, 00000006.00000003.44925786973.000000000232E000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44920045860.0000000002312000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cpubenchmark.netz
Source: petst.exe, 00000000.00000003.44367667503.000000007FB7B000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002950000.00000004.00001000.00020000.00000000.sdmp, petst.tmp, 00000002.00000000.44370223318.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.innosetup.com/
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com
Source: petst.exe, 00000000.00000003.44365337848.0000000002950000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp, petst.tmp, 00000002.00000003.44372501121.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/
Source: petst.exe, 00000000.00000003.44933747576.0000000002496000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/AhI
Source: PerformanceTest64.exe, 00000006.00000003.44922138250.0000000000643000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com/baselines
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselines/V10/archive/%s%d/%d%S.ziphttps://www.passmark.com/baselines/V9/ar
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselines/V10/modelList.php
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselines/V10/upload-v1031000.php%s
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com/baselines/V11/display.php?id=
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselines/V11/display.php?id=%d%05d6#%lld.ptx8open1Copyhttps://www.passmark
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselines/V11/generate_histdata.php
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselines/V11/generate_histdata.php&chartType=&modelId=cacheServerTimeout
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselines/V11/upload.php%d%05duserFile=&DEBUG&apikey=DebugLogSuccessDEBUG:
Source: PerformanceTest64.exe, 00000006.00000003.44922047096.000000000063C000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44920179311.0000000000601000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44923262705.0000000000645000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44922138250.0000000000643000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselines5
Source: PerformanceTest64.exe, 00000006.00000003.44931363172.0000000002440000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselinescorrect
Source: PerformanceTest64.exe, 00000006.00000003.44931363172.0000000002440000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/baselinessts:_
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com/baselinesyCould
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/checkversion/index.phpa=%d&v=%d&k=%sresult=trueIBLK
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.0000000002B95000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000000.44906865086.000000014055C000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com/checkversion/keytoapi.phpa=%shttps://www.passmark.com/checkversion/validate
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/https://www.passmark.com/openResultsResultsTemperatureResultsTemperatureRes
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/manage_services.phphttps://www.passmark.com/mybaselines/ADV_DBBENCHMARK_RES
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/mybaselines/openhttps://www.passmark.com/mybaselines/https://www.passmark.c
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/newuser.phphttps://www.passmark.com/manage_services.phphttps://www.passmark
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/padfiles/petst.xml
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com/sales
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com/sales/upgrade
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/sales/upgradeopenArialx:
Source: PerformanceTest64.exe, 00000006.00000003.44922047096.000000000063C000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44920179311.0000000000601000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44923262705.0000000000645000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44922138250.0000000000643000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/salesJ
Source: PerformanceTest64.exe, 00000006.00000003.44931363172.0000000002440000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/salesY
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/salesordering.htmhttps://www.passmark.com/support/keyhelp.htmopenNo
Source: PerformanceTest64.exe, 00000006.00000003.44931363172.0000000002440000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/salesz
Source: PerformanceTest64.exe, 00000006.00000003.44920179311.0000000000601000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com/support
Source: PerformanceTest64.exe, 00000006.00000003.44924228344.0000000002289000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44931596526.0000000000633000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44924981661.0000000002263000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44929614931.0000000000600000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44922223379.0000000002262000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44930463816.0000000000606000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44930631441.0000000000623000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp, PerformanceTest64.exe, 00000006.00000003.44925702619.000000000226B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/
Source: PerformanceTest64.exe, 00000006.00000003.44934144215.000000000064C000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44931596526.0000000000633000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44929614931.0000000000600000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44930463816.0000000000606000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44930631441.0000000000623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/T
Source: PerformanceTest64.exe, 00000006.00000003.44924228344.0000000002289000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44922223379.0000000002262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/XE
Source: PerformanceTest64.exe, 00000006.00000003.44934144215.000000000064C000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44931596526.0000000000633000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44929614931.0000000000600000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44930463816.0000000000606000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44930631441.0000000000623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/b
Source: PerformanceTest64.exe, 00000006.00000003.44924228344.0000000002289000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44922223379.0000000002262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/jF
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.0000000142F3F000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.passmark.com/support/keyhelp.htm
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/keyhelp.htmNoise
Source: PerformanceTest64.exe, 00000006.00000003.44924228344.0000000002289000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44922223379.0000000002262000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/lF
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/openDebug:
Source: PerformanceTest64.exe, 00000006.00000003.44934144215.000000000064C000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44931596526.0000000000633000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44929614931.0000000000600000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44930463816.0000000000606000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44930631441.0000000000623000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.com/support/~
Source: PerformanceTest64.exe, 00000006.00000003.44922047096.000000000063C000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44920179311.0000000000601000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44923262705.0000000000645000.00000004.00000020.00020000.00000000.sdmp, PerformanceTest64.exe, 00000006.00000003.44922138250.0000000000643000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.passmark.comq
Source: petst.exe, 00000000.00000003.44367667503.000000007FB7B000.00000004.00001000.00020000.00000000.sdmp, petst.exe, 00000000.00000003.44366193671.0000000002950000.00000004.00001000.00020000.00000000.sdmp, petst.tmp, 00000002.00000000.44370223318.0000000000401000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.remobjects.com/ps
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown HTTPS traffic detected: 216.146.212.71:443 -> 192.168.11.20:49768 version: TLS 1.2
PE file contains executable resources (Code or Archives)
Source: petst.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-7N7GA.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-HR90I.tmp.2.dr Static PE information: Resource name: RT_VERSION type: x86 executable not stripped
Source: is-GESAC.tmp.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: is-LAE8N.tmp.2.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
PE file contains more sections than normal
Source: is-03G0A.tmp.2.dr Static PE information: Number of sections : 20 > 10
Source: is-0CERA.tmp.2.dr Static PE information: Number of sections : 20 > 10
Source: is-7J8R7.tmp.2.dr Static PE information: Number of sections : 12 > 10
Sample file is different than original file name gathered from version info
Source: petst.exe, 00000000.00000003.44367667503.000000007FE2F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs petst.exe
Source: petst.exe, 00000000.00000000.44365091755.00000000004B9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs petst.exe
Source: petst.exe, 00000000.00000003.44366193671.0000000002A22000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs petst.exe
Uses 32bit PE files
Source: petst.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: is-R957H.tmp.2.dr Static PE information: Section: .dummy1 ZLIB complexity 0.99859375
Source: classification engine Classification label: sus38.spyw.evad.winEXE@8/681@1/1
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Users\user\Desktop\PerformanceTest.lnk Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6360:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6360:120:WilError_03
Source: C:\Users\user\Desktop\petst.exe File created: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp Jump to behavior
Source: C:\Users\user\Desktop\petst.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\Desktop\petst.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File read: C:\Program Files\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\petst.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: C:\Users\user\Desktop\petst.exe File read: C:\Users\user\Desktop\petst.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess
Source: unknown Process created: C:\Users\user\Desktop\petst.exe "C:\Users\user\Desktop\petst.exe"
Source: C:\Users\user\Desktop\petst.exe Process created: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp "C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp" /SL5="$103CA,82096316,744960,C:\Users\user\Desktop\petst.exe"
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process created: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp helper 105 0x4D8
Source: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process created: C:\Program Files\PerformanceTest\PerformanceTest64.exe "C:\Program Files\PerformanceTest\PerformanceTest64.exe" /l en
Source: C:\Users\user\Desktop\petst.exe Process created: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp "C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp" /SL5="$103CA,82096316,744960,C:\Users\user\Desktop\petst.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process created: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp helper 105 0x4D8 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process created: C:\Program Files\PerformanceTest\PerformanceTest64.exe "C:\Program Files\PerformanceTest\PerformanceTest64.exe" /l en Jump to behavior
Source: C:\Users\user\Desktop\petst.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\Desktop\petst.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\petst.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: icm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: msftedit.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: globinputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: d2d1.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: atiadlxx.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: atiadlxx.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: atiadlxy.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: nvapi64.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: d3dx9_43.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: d3dx9_43.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: d3dref9.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: riched32.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: perfos.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: nvapi64.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: atiadlxx.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: ati2edxx.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: ze_loader.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: igfxdbgxchg64.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Section loaded: vbscript.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: PerformanceTest.lnk.2.dr LNK file: ..\..\..\..\..\..\Program Files\PerformanceTest\PerformanceTest64.exe
Source: PerformanceTest Documentation.lnk.2.dr LNK file: ..\..\..\..\..\..\Program Files\PerformanceTest\PerformanceTest_Help.exe
Source: PerformanceTest.lnk0.2.dr LNK file: ..\..\..\Program Files\PerformanceTest\PerformanceTest64.exe
Source: Uninstall PerformanceTest.lnk.2.dr LNK file: ..\..\..\..\..\..\Program Files\PerformanceTest\unins000.exe
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Window found: window name: TSelectLanguageForm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Automated click: I accept the agreement
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Automated click: Continue
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.PassMark Software Pty Ltd (PassMark)End User License Agreement (EULA)IMPORTANT! PLEASE READ THE FOLLOWING TERMS AND CONDITIONS.YOU THE INSTALLER OF THIS SOFTWARE AGREE THAT ALL OF THE TERMS AND CONDITIONS DESCRIBED BELOW APPLY TO YOU AND ANYONE ELSE WHO USES THIS SOFTWARE IF EITHER;YOU CLICK THE ACCEPT BUTTON OR YOU COPY INSTALL OR USE THIS COPY OF PASSMARK SOFTWARE OR YOU PERMIT OR ENABLE OTHERS TO COPY INSTALL OR USE THIS PASSMARK SOFTWARE.IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS AND CONDITIONS DESCRIBED BELOW PLEASE TERMINATE INSTALLATION IMMEDIATELY AND DO NOT USE THIS SOFTWARE.SOFTWARE COVERED BY THIS LICENCEThis license agreement (Agreement) applies only to the version of the software package PerformanceTest V11 with which this Agreement is included. Different license terms may apply to other software packages from PassMark and license terms for later versions of PerformanceTest may also be changed.TITLEPassMark or its licensors own the PerformanceTest software package including all materials included with the package. PassMark owns the names and marks of PassMark PerformanceTest under copyright trademark and intellectual property laws and all other applicable laws.TERMINATIONThis license will terminate automatically if you fail to comply with any of the terms and conditions limitations and obligations described herein. On termination you must destroy all copies of the PassMark package and all other materials downloaded as part of the package.Trial VersionIf you are using a trial version of PerformanceTest then you must uninstall the software after the trial period of thirty (30) days has elapsed.DISCLAIMER OF WARRANTYPassMark disclaims any and all warranties express or implied including any implied warranties as to merchantability or fitness for a particular purpose. You acknowledge and agree that you had full opportunity to test PerformanceTest before any live public or production use that you assume full responsibility for selecting and using PerformanceTest and any files that may created through the use of PerformanceTest and that if you use PerformanceTest improperly or against instructions you can cause damage to your files software data or business. The entire risk as to quality and performance of PerformanceTest is borne by you. This disclaimer of warranty constitutes an essential part of the agreement. Some jurisdictions do allow exclusions of an implied warranty so this disclaimer may not apply to you and you may have other legal rights that vary by jurisdiction.LIMITATION OF LIABILITYIn no event shall PassMark its officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of PerformanceTest f
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.PassMark Software Pty Ltd (PassMark)End User License Agreement (EULA)IMPORTANT! PLEASE READ THE FOLLOWING TERMS AND CONDITIONS.YOU THE INSTALLER OF THIS SOFTWARE AGREE THAT ALL OF THE TERMS AND CONDITIONS DESCRIBED BELOW APPLY TO YOU AND ANYONE ELSE WHO USES THIS SOFTWARE IF EITHER;YOU CLICK THE ACCEPT BUTTON OR YOU COPY INSTALL OR USE THIS COPY OF PASSMARK SOFTWARE OR YOU PERMIT OR ENABLE OTHERS TO COPY INSTALL OR USE THIS PASSMARK SOFTWARE.IF YOU DO NOT AGREE TO BE BOUND BY THE TERMS AND CONDITIONS DESCRIBED BELOW PLEASE TERMINATE INSTALLATION IMMEDIATELY AND DO NOT USE THIS SOFTWARE.SOFTWARE COVERED BY THIS LICENCEThis license agreement (Agreement) applies only to the version of the software package PerformanceTest V11 with which this Agreement is included. Different license terms may apply to other software packages from PassMark and license terms for later versions of PerformanceTest may also be changed.TITLEPassMark or its licensors own the PerformanceTest software package including all materials included with the package. PassMark owns the names and marks of PassMark PerformanceTest under copyright trademark and intellectual property laws and all other applicable laws.TERMINATIONThis license will terminate automatically if you fail to comply with any of the terms and conditions limitations and obligations described herein. On termination you must destroy all copies of the PassMark package and all other materials downloaded as part of the package.Trial VersionIf you are using a trial version of PerformanceTest then you must uninstall the software after the trial period of thirty (30) days has elapsed.DISCLAIMER OF WARRANTYPassMark disclaims any and all warranties express or implied including any implied warranties as to merchantability or fitness for a particular purpose. You acknowledge and agree that you had full opportunity to test PerformanceTest before any live public or production use that you assume full responsibility for selecting and using PerformanceTest and any files that may created through the use of PerformanceTest and that if you use PerformanceTest improperly or against instructions you can cause damage to your files software data or business. The entire risk as to quality and performance of PerformanceTest is borne by you. This disclaimer of warranty constitutes an essential part of the agreement. Some jurisdictions do allow exclusions of an implied warranty so this disclaimer may not apply to you and you may have other legal rights that vary by jurisdiction.LIMITATION OF LIABILITYIn no event shall PassMark its officers employees affiliates contractors subsidiaries or parent organizations be liable for any incidental consequential or punitive damages whatsoever relating to the use of PerformanceTest f
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Window detected: Number of UI elements: 19
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-7N7GA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-R957H.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-6CSRR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-JQA2K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-GC7AO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-3U9IO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-0QCMU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-GJRP5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-T9C6F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-SDVKA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-NLFHM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-8DGTT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-63OP6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-FFCOU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-UMOBR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-CQ0FJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-4FNSM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-TPV1C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-KC594.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-JQP10.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-JVAEM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BTJ2D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-CHTH9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BSMOR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BHLGV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-FFQ4P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-PKFG3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-71PHT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-C3G98.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-5U057.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3BELA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-B7QQU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-7GI1A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-5KHKG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-2THKK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-SS3MK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BM06S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3B1NB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3TG5S.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-1C2RQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-55SBN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-D5G6G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-HG14O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-V32L6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-KRI5I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-4QFEO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-VAOH0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-84V1G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-S15E6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-AEAGR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-5S5ED.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-5LRJH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-AM03A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-HJB1G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-HCG4N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-0UPI0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3606N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-1UV9G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-B7NVL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-FVDNM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-F25U4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-D405I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-D0HEV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-ISMJA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-8A1JA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-B1N6E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-KS46E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-NSI7L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-2M1K0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-MO4GU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-QN8TQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-2UKBF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-8J0HV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-CH4TN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-DK7GQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-V1S9E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-6UJ2U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-JENPJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-91KV6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-67B0D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-BKM0M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-3E55A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-PAHCN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-M1P32.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\SpaceBattle\is-1TS8U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-1G3LJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-EV615.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-E2CO5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-0ESTF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-JLUJ7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-87387.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-TIFQF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-49140.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-M3RQT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-0BUHL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox\is-EA5ON.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox\is-SBI69.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox\is-2O1TD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Skybox\is-SDGH8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Structures Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Structures\is-1K1LM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Structures\is-H67I4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-56TVG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-KEIUN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-TDS83.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-RSKP6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Terrain\is-SC9PU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Transparency Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\Transparency\is-1AULR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\UI Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\UI\is-EM9QN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\misc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\misc\is-8ANHA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\Media\UI\is-J1HPE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\models Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\models\FaceDetect Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\models\FaceDetect\is-U69MC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\models\FaceDetect\is-ENGC9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\is-5Q5K5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-18QUP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-L4541.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-0UTFI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-HOQVI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-FT8UM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-MOR6I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-6HSBA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-G07L6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-VO41T.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-43D9O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-DFBQ7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-BTTQR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-TQV57.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-Q0HTB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-8EKB4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-6CVQ9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-METPC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-M6IL2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-5AU0N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Cobie Smulders\is-RGE17.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-08Q33.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-KQA8L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-VC6HO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-JUL1E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-12AR5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-ED2JT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-ISN90.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-TDRGL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-LO9E9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-5JIMI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-VRR56.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-DHG8L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-ETNT7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-S5SKB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-GTKP3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-QOO75.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-RK6SO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-EOBL0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-47KBE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_drake\is-UTSDU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-3ORLK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-UTI4A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-RQDN0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-UMO2N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-RMM4I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-R17I1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-2OEAH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-PM6F9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-2DMQB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-RC6HR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-SPJ8N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-EEH1B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-3V4RM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-K1ARJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-TRV8D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-64TAM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-1EK1B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-33FAV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-F1GK9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Jason Momoa\is-35R11.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-88AO3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-AKBVN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-EANB3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-MAHU5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-9S80M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-DSJTK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-UUAVK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-5VFVP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-DU9FR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-HCJCE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-7E0OJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-QRN7M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-VRHEB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-56DNS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-381GP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-DPBRJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-1KCOT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-90RFM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-L5VMT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Kumail Nanjiani\is-PV259.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-LBP09.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-1J87L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-G8DDO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-VACIF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-MRA99.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-UQGNH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-KFIC2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-8B9KU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-6SHCI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-Q70R1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-511SH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-F0I2D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-HN1MU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-T3HHT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-5AGU0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-456KL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-23N95.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-656VU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-IHC35.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Pedro Alonso\is-4UU9D.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-QKSNU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-DKECS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-MVDIO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-HTK2E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-MJHC2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-FUS4E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-SSJ7I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-2RL5F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-S1F28.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-E29MC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-E5KGA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-RFES8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-GGGB8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-R0JMF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-MFOFP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-BTSKJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-9UMBR.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-MCNSE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-59BSM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dataset\FaceDetect\pins-face-recognition\pins_Ryan Reynolds\is-GTM05.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-T7ESP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-R0J42.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-L7N1Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-ERSKP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-JPQAP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-HBVD3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-6HJTS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-BHAC4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-Q3HMK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-TCHR8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-1N43L.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-HOV41.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-01CL1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-6UOM9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-066PT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-INEU5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-D47EO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-4NP9V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-0CERA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-03G0A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-HR90I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-OOE62.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-ILOMN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-2V8K8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-7J8R7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-M94U9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-KO0EQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-QIT7M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-OQL3E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-GESAC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-ORNQB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-MNUCD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-IQOI0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-P9264.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\css\is-UHS43.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-95MO4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-AM0JK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-08HH9.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-A6CAP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-HEP4K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-6R392.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-8FGFI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-GVV16.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-EVEFK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-6T573.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\dll_x64\is-LAE8N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-MSOE1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\is-C0649.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Directory created: C:\Program Files\PerformanceTest\unins000.msg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PerformanceTest 11_is1 Jump to behavior
Source: petst.exe Static PE information: certificate valid
Source: petst.exe Static file information: File size 83004160 > 1048576
Source: petst.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\opencv-build\bin\Release\opencv_imgproc460.pdb source: petst.tmp, 00000002.00000003.44920361218.0000000005B90000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\PerformanceTest\_Build\Release\debug64\PerformanceTest\PerformanceTest64.pdb source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d3d11ref.pdb"; source: petst.tmp, 00000002.00000003.44920361218.0000000005B90000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: d3d11ref.pdb source: petst.tmp, 00000002.00000003.44920361218.0000000005B90000.00000004.00001000.00020000.00000000.sdmp
Binary contains a suspicious time stamp
Source: is-8DGTT.tmp.2.dr Static PE information: 0xB2BF685C [Sun Jan 11 08:35:40 2065 UTC]
PE file contains sections with non-standard names
Source: petst.exe Static PE information: section name: .didata
Source: petst.tmp.0.dr Static PE information: section name: .didata
Source: is-T9C6F.tmp.2.dr Static PE information: section name: _RDATA
Source: is-8DGTT.tmp.2.dr Static PE information: section name: _RDATA
Source: is-63OP6.tmp.2.dr Static PE information: section name: .didat
Source: is-63OP6.tmp.2.dr Static PE information: section name: _RDATA
Source: is-7N7GA.tmp.2.dr Static PE information: section name: .didata
Source: is-R957H.tmp.2.dr Static PE information: section name: .dummy1
Source: is-R957H.tmp.2.dr Static PE information: section name: _RDATA
Source: is-R957H.tmp.2.dr Static PE information: section name: .vlizer
Source: is-6CSRR.tmp.2.dr Static PE information: section name: _RDATA
Source: is-JQA2K.tmp.2.dr Static PE information: section name: _RDATA
Source: is-GC7AO.tmp.2.dr Static PE information: section name: _RDATA
Source: is-0QCMU.tmp.2.dr Static PE information: section name: _RDATA
Source: is-GJRP5.tmp.2.dr Static PE information: section name: _RDATA
Source: is-D47EO.tmp.2.dr Static PE information: section name: .00cfg
Source: is-4NP9V.tmp.2.dr Static PE information: section name: .00cfg
Source: is-0CERA.tmp.2.dr Static PE information: section name: .xdata
Source: is-0CERA.tmp.2.dr Static PE information: section name: /4
Source: is-0CERA.tmp.2.dr Static PE information: section name: /19
Source: is-0CERA.tmp.2.dr Static PE information: section name: /31
Source: is-0CERA.tmp.2.dr Static PE information: section name: /45
Source: is-0CERA.tmp.2.dr Static PE information: section name: /57
Source: is-0CERA.tmp.2.dr Static PE information: section name: /70
Source: is-0CERA.tmp.2.dr Static PE information: section name: /81
Source: is-0CERA.tmp.2.dr Static PE information: section name: /92
Source: is-03G0A.tmp.2.dr Static PE information: section name: .xdata
Source: is-03G0A.tmp.2.dr Static PE information: section name: /4
Source: is-03G0A.tmp.2.dr Static PE information: section name: /19
Source: is-03G0A.tmp.2.dr Static PE information: section name: /31
Source: is-03G0A.tmp.2.dr Static PE information: section name: /45
Source: is-03G0A.tmp.2.dr Static PE information: section name: /57
Source: is-03G0A.tmp.2.dr Static PE information: section name: /70
Source: is-03G0A.tmp.2.dr Static PE information: section name: /81
Source: is-03G0A.tmp.2.dr Static PE information: section name: /92
Source: is-ILOMN.tmp.2.dr Static PE information: section name: .00cfg
Source: is-2V8K8.tmp.2.dr Static PE information: section name: .00cfg
Source: is-7J8R7.tmp.2.dr Static PE information: section name: .xdata
Source: is-M94U9.tmp.2.dr Static PE information: section name: .didat
Source: is-GESAC.tmp.2.dr Static PE information: section name: _RDATA
Source: is-8FGFI.tmp.2.dr Static PE information: section name: IPPCODE
Source: is-8FGFI.tmp.2.dr Static PE information: section name: IPPDATA
Source: is-8FGFI.tmp.2.dr Static PE information: section name: _RDATA
Source: is-GVV16.tmp.2.dr Static PE information: section name: _RDATA
Source: is-6T573.tmp.2.dr Static PE information: section name: _RDATA
Source: is-LAE8N.tmp.2.dr Static PE information: section name: IPPCODE
Source: is-LAE8N.tmp.2.dr Static PE information: section name: IPPDATA
Source: is-LAE8N.tmp.2.dr Static PE information: section name: _RDATA
Source: is-MSOE1.tmp.2.dr Static PE information: section name: _RDATA
Source: is-0ESTF.tmp.2.dr Static PE information: section name: _RDATA
Source: is-87387.tmp.2.dr Static PE information: section name: _RDATA
Source: is-49140.tmp.2.dr Static PE information: section name: _RDATA
Source: is-R957H.tmp.2.dr Static PE information: section name: .dummy1 entropy: 7.994320043285757
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libpq.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-OpenCV64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-EVEFK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-GC7AO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-6UOM9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-MSOE1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-HBVD3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-OQL3E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-03G0A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\Mandel.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libwinpthread-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\glew64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-C0649.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-95MO4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-TCHR8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\d3dx10_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PerformanceTest64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-BulletPhysics64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\DirectIo64_legacy.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\QJulia4D.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-01CL1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-LAE8N.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-0QCMU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-M94U9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-HR90I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-D3D11Test.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-A6CAP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-Q3HMK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-R957H.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-SDVKA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\clpeak64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-3U9IO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-HOV41.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\opencv_imgcodecs460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-HEP4K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PerformanceTest_Help.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\d3dx9_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-7N7GA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\ze_loader.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-T7ESP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-D47EO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libssl-3-x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-4NP9V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-7J8R7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-T9C6F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\glut32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-JPQAP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-2V8K8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\opencv_core460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\opencv_highgui460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-NLFHM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-6R392.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libiconv-2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\opencv_dnn460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-8DGTT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-InternetSpeedTest.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\D3DCompiler_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-DatabaseTest64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-1N43L.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-ILOMN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-BHAC4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dstoragecore.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-GESAC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\MSVCP140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-GJRP5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-TIFQF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-08HH9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-6HJTS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\amd_ags_x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libcrypto-3-x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\opencv_imgproc460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\glew32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-DBBenchmark64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-8FGFI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\Fluid3D.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libintl-9.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-63OP6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-87387.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\d3dx11_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-AM0JK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-6CSRR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\DirectIo64.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\freeglut.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\vcruntime140_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\D3DCompiler_43.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\petst.exe File created: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-JLUJ7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-6T573.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\d3dx11_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\d3dx10_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dstorage.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\freeglut.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-NBodyGravity.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-49140.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-066PT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-D3D12Test64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-OOE62.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\d3dx9_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libmysql.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libcrypto-1_1-x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\libssl-1_1-x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-EV615.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\vcruntime140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-CPUTest64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-E2CO5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-0ESTF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-JQA2K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\PT-PDFTest.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\dll_x64\is-GVV16.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\d3d11ref.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\is-0CERA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\oclParticles.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\Program Files\PerformanceTest\amd_ags_x86.dll (copy) Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest\PerformanceTest.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest\PerformanceTest Documentation.lnk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest\Uninstall PerformanceTest.lnk Jump to behavior
Source: C:\Users\user\Desktop\petst.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_DiskDrive
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapter
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE MacAddress = "D0:50:99:DB:23:98"
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE MacAddress = "D0:50:99:DB:23:97"
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive port information (via WMI, Win32_SerialPort, often done to detect virtual machines)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_SerialPort
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ParallelPort
Query firmware table information (likely to detect VMs)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe System information queried: FirmwareTableInformation Jump to behavior
Contains capabilities to detect virtual machines
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0001 name: DriverDesc Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libpq.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-OpenCV64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-EVEFK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-GC7AO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-6UOM9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-MSOE1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-HBVD3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-OQL3E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-03G0A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\Mandel.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libwinpthread-1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\glew64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-C0649.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-95MO4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\d3dx10_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-TCHR8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-BulletPhysics64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\DirectIo64_legacy.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\QJulia4D.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-01CL1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-LAE8N.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-0QCMU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-M94U9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-HR90I.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-D3D11Test.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-A6CAP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-Q3HMK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-SDVKA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\clpeak64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-3U9IO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-HOV41.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\opencv_imgcodecs460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-HEP4K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PerformanceTest_Help.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-T7ESP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-D47EO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libssl-3-x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-4NP9V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-7J8R7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-T9C6F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\glut32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-JPQAP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-2V8K8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\opencv_core460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\opencv_highgui460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-NLFHM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-6R392.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libiconv-2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\opencv_dnn460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-InternetSpeedTest.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-8DGTT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\D3DCompiler_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-DatabaseTest64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-1N43L.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-ILOMN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dstoragecore.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-BHAC4.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-GESAC.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\MSVCP140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-TIFQF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-GJRP5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-08HH9.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-6HJTS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\amd_ags_x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libcrypto-3-x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\opencv_imgproc460.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\glew32.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-DBBenchmark64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\Fluid3D.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-8FGFI.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libintl-9.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-63OP6.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-87387.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\d3dx11_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-AM0JK.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\DirectIo64.sys (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-6CSRR.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\vcruntime140_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\freeglut.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\D3DCompiler_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-JLUJ7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\d3dx11_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-6T573.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\d3dx10_43.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\freeglut.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dstorage.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-NBodyGravity.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-49140.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-066PT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-D3D12Test64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-OOE62.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libmysql.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libcrypto-1_1-x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\libssl-1_1-x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-EV615.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\vcruntime140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-CPUTest64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-E2CO5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-0ESTF.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-JQA2K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\PT-PDFTest.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\d3d11ref.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\dll_x64\is-GVV16.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\is-0CERA.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\oclParticles.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Dropped PE file which has not been started: C:\Program Files\PerformanceTest\amd_ags_x86.dll (copy) Jump to dropped file
Queries disk information (often used to detect virtual machines)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe File opened: PhysicalDrive0 Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BIOS
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_BaseBoard
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware VMFS
Source: PerformanceTest64.exe, 00000006.00000000.44907833301.00000001443EA000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: NVmci
Source: PerformanceTest64.exe, 00000006.00000003.44940996317.000000000310E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware VMKCORE
Source: PerformanceTest64.exe, 00000006.00000003.44951858663.0000000002D91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ROOT\VMWARE\0001
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Open window title or class name: ollydbg
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Process created: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp helper 105 0x4D8 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-2T6FH.tmp\_isetup\_setup64.tmp Code function: 3_2_0000000140001000 GetNamedSecurityInfoW,AllocateAndInitializeSid,SetEntriesInAclW,SetNamedSecurityInfoW,LocalFree,FreeSid,LocalFree,GetLastError, 3_2_0000000140001000
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-8M1N8.tmp\petst.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Queries volume information: C:\ VolumeInformation Jump to behavior

Stealing of Sensitive Information
barindex
Queries disk data (e.g. SMART data)
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
Source: C:\Program Files\PerformanceTest\PerformanceTest64.exe Device IO: \Device\Harddisk0\DR0 Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1524335 Sample: petst.exe Startdate: 02/10/2024 Architecture: WINDOWS Score: 38 33 www.passmark.com 2->33 35 passmark.com 2->35 43 Queries sensitive port information (via WMI, Win32_SerialPort, often done to detect virtual machines) 2->43 45 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 2->45 47 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 2->47 49 3 other signatures 2->49 9 petst.exe 2 2->9         started        signatures3 process4 file5 23 C:\Users\user\AppData\Local\...\petst.tmp, PE32 9->23 dropped 12 petst.tmp 34 412 9->12         started        process6 file7 25 C:\...\PerformanceTest64.exe (copy), PE32+ 12->25 dropped 27 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 12->27 dropped 29 C:\Program Files\...\ze_loader.dll (copy), PE32+ 12->29 dropped 31 111 other files (none is malicious) 12->31 dropped 15 PerformanceTest64.exe 7 62 12->15         started        19 _setup64.tmp 1 12->19         started        process8 dnsIp9 37 passmark.com 216.146.212.71, 443, 49768, 49769 PAIR-NETWORKSUS United States 15->37 39 Query firmware table information (likely to detect VMs) 15->39 41 Queries disk data (e.g. SMART data) 15->41 21 conhost.exe 19->21         started        signatures10 process11
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
216.146.212.71
 passmark.com United States
7859 PAIR-NETWORKSUS false

Contacted Domains

Name IP Active
passmark.com 216.146.212.71 true
www.passmark.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.passmark.com/baselines/V10/modelList.php?key=TRIAL_DAY0&type=hdd false
    		unknown
    https://www.passmark.com/baselines/V10/modelList.php?key=TRIAL_DAY0&type=gpu false
      		unknown
      https://www.passmark.com/baselines/V10/modelList.php?key=TRIAL_DAY0&type=cpu false
        		unknown
        https://www.passmark.com/baselines/V10/modelList.php?key=TRIAL_DAY0&type=ram false
          		unknown