Source: unknown |
TCP traffic detected without corresponding DNS query: 135.181.4.162 |
Source: OpenWith.exe |
String found in binary or memory: https://135.181.4.162:2423/97e9fc994198e76/ok9djscw.jxh0g |
Source: OpenWith.exe, 00000006.00000002.1800181660.0000000002BAC000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: https://135.181.4.162:2423/97e9fc994198e76/ok9djscw.jxh0g( |
Source: OpenWith.exe, 00000006.00000002.1801414267.000000000562A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000002.2089949265.000001C4B1600000.00000040.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://135.181.4.162:2423/97e9fc994198e76/ok9djscw.jxh0gkernelbasentdllkernel32GetProcessMitigation |
Source: RegAsm.exe, 00000005.00000002.1739152797.000000000123C000.00000004.00000010.00020000.00000000.sdmp |
String found in binary or memory: https://135.h |
Source: OpenWith.exe |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: OpenWith.exe |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: OpenWith.exe |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: OpenWith.exe |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: OpenWith.exe, 0000000C.00000003.1878159928.000001C4B3BEE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discord.com |
Source: OpenWith.exe, 0000000C.00000003.1878159928.000001C4B3BEE000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://discordapp.com |
Source: OpenWith.exe, 0000000C.00000003.1870266082.000001C4B366C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1869733313.000001C4B366C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: OpenWith.exe, 0000000C.00000003.1870266082.000001C4B366C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1869733313.000001C4B366C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: OpenWith.exe, 0000000C.00000003.1870266082.000001C4B366C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1869733313.000001C4B366C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: OpenWith.exe |
String found in binary or memory: https://support.mic |
Source: OpenWith.exe, 0000000C.00000003.1878512690.000001C4B36F3000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mic) |
Source: OpenWith.exe, 0000000C.00000003.1872339760.000001C4B3641000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1871542217.000001C4B398A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1872074569.000001C4B3BA0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1899631638.000001C4B3BAA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1876331692.000001C4B362B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 |
Source: OpenWith.exe, 0000000C.00000003.1872074569.000001C4B3B7B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples |
Source: OpenWith.exe, 0000000C.00000003.1872339760.000001C4B3641000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1871542217.000001C4B398A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1872074569.000001C4B3BA0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1871650965.000001C4B3668000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1899631638.000001C4B3BAA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1876331692.000001C4B362B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 |
Source: OpenWith.exe, 0000000C.00000003.1872074569.000001C4B3B7B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install |
Source: OpenWith.exe, 0000000C.00000003.1871650965.000001C4B3668000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6 |
Source: OpenWith.exe |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: OpenWith.exe, 0000000C.00000003.1870266082.000001C4B366C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1871033957.000001C4B366D000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1869733313.000001C4B366C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1870663279.000001C4B366D000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_000001C4B30030C7 NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlFreeHeap,RtlFreeHeap, |
12_3_000001C4B30030C7 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52AF60 NtAcceptConnectPort, |
12_3_00007DF42F52AF60 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52AF40 NtAcceptConnectPort, |
12_3_00007DF42F52AF40 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52ADD4 NtAcceptConnectPort, |
12_3_00007DF42F52ADD4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52AE5C NtAcceptConnectPort, |
12_3_00007DF42F52AE5C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52BE6C calloc,NtAcceptConnectPort, |
12_3_00007DF42F52BE6C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52ACE8 NtAcceptConnectPort, |
12_3_00007DF42F52ACE8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52BCC0 NtAcceptConnectPort,NtAcceptConnectPort,free, |
12_3_00007DF42F52BCC0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52ACC8 NtAcceptConnectPort, |
12_3_00007DF42F52ACC8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52AD14 NtAcceptConnectPort, |
12_3_00007DF42F52AD14 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52AC0C NtAcceptConnectPort, |
12_3_00007DF42F52AC0C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52C7CC NtAcceptConnectPort, |
12_3_00007DF42F52C7CC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52C70C NtAcceptConnectPort, |
12_3_00007DF42F52C70C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52B498 NtAcceptConnectPort,calloc,DuplicateHandle,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort, |
12_3_00007DF42F52B498 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52C47C NtAcceptConnectPort, |
12_3_00007DF42F52C47C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52D3C0 NtAcceptConnectPort,NtAcceptConnectPort, |
12_3_00007DF42F52D3C0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52D2F4 NtAcceptConnectPort,NtAcceptConnectPort, |
12_3_00007DF42F52D2F4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F52C10C NtAcceptConnectPort, |
12_3_00007DF42F52C10C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_2_000001C4B1601A90 NtAcceptConnectPort,NtAcceptConnectPort, |
12_2_000001C4B1601A90 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_2_000001C4B1600AC8 NtAcceptConnectPort,NtAcceptConnectPort, |
12_2_000001C4B1600AC8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_2_000001C4B1601CD0 NtAcceptConnectPort,CloseHandle, |
12_2_000001C4B1601CD0 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_2_000001C4B16015AC NtAcceptConnectPort, |
12_2_000001C4B16015AC |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_00007DF449D01CE8 CreateProcessW,NtResumeThread,CloseHandle,free, |
16_3_00007DF449D01CE8 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_00007DF449D01958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory, |
16_3_00007DF449D01958 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682127B8 NtAcceptConnectPort, |
16_2_00000191682127B8 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916821288C NtAcceptConnectPort, |
16_2_000001916821288C |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682128E8 NtAcceptConnectPort, |
16_2_00000191682128E8 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682128B8 NtAcceptConnectPort, |
16_2_00000191682128B8 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168212990 NtAcceptConnectPort, |
16_2_0000019168212990 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682129D4 NtAcceptConnectPort, |
16_2_00000191682129D4 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168212418 NtAcceptConnectPort, |
16_2_0000019168212418 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168212C64 NtAcceptConnectPort, |
16_2_0000019168212C64 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916821252C NtAcceptConnectPort, |
16_2_000001916821252C |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782B385C NtQuerySystemInformation, |
17_2_00000242782B385C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F5443F8 |
12_3_00007DF42F5443F8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F5F72C8 |
12_3_00007DF42F5F72C8 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F5EB318 |
12_3_00007DF42F5EB318 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F59E24C |
12_3_00007DF42F59E24C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F5720BC |
12_3_00007DF42F5720BC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F5CA168 |
12_3_00007DF42F5CA168 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F55B104 |
12_3_00007DF42F55B104 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F57CFB4 |
12_3_00007DF42F57CFB4 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F5FBFCC |
12_3_00007DF42F5FBFCC |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F5EAF80 |
12_3_00007DF42F5EAF80 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F501058 |
12_3_00007DF42F501058 |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_3_00007DF42F54F02C |
12_3_00007DF42F54F02C |
Source: C:\Windows\System32\OpenWith.exe |
Code function: 12_2_000001C4B1600C5C |
12_2_000001C4B1600C5C |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_0000019168401F40 |
16_3_0000019168401F40 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_0000019168403660 |
16_3_0000019168403660 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_000001916840027B |
16_3_000001916840027B |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_000001916840170E |
16_3_000001916840170E |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_0000019168402718 |
16_3_0000019168402718 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_00007DF449D02204 |
16_3_00007DF449D02204 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_00007DF449D04EFC |
16_3_00007DF449D04EFC |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_3_00007DF449D0392C |
16_3_00007DF449D0392C |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916820C25C |
16_2_000001916820C25C |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168212D24 |
16_2_0000019168212D24 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168202628 |
16_2_0000019168202628 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916823A81C |
16_2_000001916823A81C |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916821D010 |
16_2_000001916821D010 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916822D854 |
16_2_000001916822D854 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168227094 |
16_2_0000019168227094 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168240874 |
16_2_0000019168240874 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682348D0 |
16_2_00000191682348D0 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168235918 |
16_2_0000019168235918 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916823F940 |
16_2_000001916823F940 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168220174 |
16_2_0000019168220174 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916823E984 |
16_2_000001916823E984 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916823F1D0 |
16_2_000001916823F1D0 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168240270 |
16_2_0000019168240270 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168217270 |
16_2_0000019168217270 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168233A38 |
16_2_0000019168233A38 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168243A4D |
16_2_0000019168243A4D |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168234A50 |
16_2_0000019168234A50 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168215ADC |
16_2_0000019168215ADC |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916821E398 |
16_2_000001916821E398 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916823CC00 |
16_2_000001916823CC00 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168246434 |
16_2_0000019168246434 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168230478 |
16_2_0000019168230478 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916821DCE4 |
16_2_000001916821DCE4 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916823ECE4 |
16_2_000001916823ECE4 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682014D0 |
16_2_00000191682014D0 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168226D18 |
16_2_0000019168226D18 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682355B0 |
16_2_00000191682355B0 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168240D90 |
16_2_0000019168240D90 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682395D4 |
16_2_00000191682395D4 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168234DE8 |
16_2_0000019168234DE8 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916821F618 |
16_2_000001916821F618 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168223EA4 |
16_2_0000019168223EA4 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168227684 |
16_2_0000019168227684 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00000191682286B4 |
16_2_00000191682286B4 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916821BEB8 |
16_2_000001916821BEB8 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168235EC8 |
16_2_0000019168235EC8 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168216F24 |
16_2_0000019168216F24 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_0000019168233F70 |
16_2_0000019168233F70 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_000001916821C750 |
16_2_000001916821C750 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D27554 |
16_2_00007DF449D27554 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D23D3B |
16_2_00007DF449D23D3B |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D1F149 |
16_2_00007DF449D1F149 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D1BD49 |
16_2_00007DF449D1BD49 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D26927 |
16_2_00007DF449D26927 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D258F8 |
16_2_00007DF449D258F8 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D250D6 |
16_2_00007DF449D250D6 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D154C0 |
16_2_00007DF449D154C0 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D260A5 |
16_2_00007DF449D260A5 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D25456 |
16_2_00007DF449D25456 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D18C19 |
16_2_00007DF449D18C19 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D1DFEB |
16_2_00007DF449D1DFEB |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D183BA |
16_2_00007DF449D183BA |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D14F8A |
16_2_00007DF449D14F8A |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D26B5B |
16_2_00007DF449D26B5B |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D20F5A |
16_2_00007DF449D20F5A |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D26F4A |
16_2_00007DF449D26F4A |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D22F24 |
16_2_00007DF449D22F24 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D25AB2 |
16_2_00007DF449D25AB2 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D27A58 |
16_2_00007DF449D27A58 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D25227 |
16_2_00007DF449D25227 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D271FE |
16_2_00007DF449D271FE |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D1C5C4 |
16_2_00007DF449D1C5C4 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D221C7 |
16_2_00007DF449D221C7 |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Code function: 16_2_00007DF449D1A5A5 |
16_2_00007DF449D1A5A5 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782D3210 |
17_2_00000242782D3210 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782D2254 |
17_2_00000242782D2254 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782D2AA0 |
17_2_00000242782D2AA0 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782C92D4 |
17_2_00000242782C92D4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782D3B40 |
17_2_00000242782D3B40 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782B737C |
17_2_00000242782B737C |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782C53C8 |
17_2_00000242782C53C8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782BBC68 |
17_2_00000242782BBC68 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782DC500 |
17_2_00000242782DC500 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782CA4F8 |
17_2_00000242782CA4F8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782C9D30 |
17_2_00000242782C9D30 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782B6D37 |
17_2_00000242782B6D37 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782CE51C |
17_2_00000242782CE51C |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782D25B4 |
17_2_00000242782D25B4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782B8DF4 |
17_2_00000242782B8DF4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782BC5D4 |
17_2_00000242782BC5D4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782CAE10 |
17_2_00000242782CAE10 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782E1E08 |
17_2_00000242782E1E08 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782BD604 |
17_2_00000242782BD604 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782DC668 |
17_2_00000242782DC668 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782D4660 |
17_2_00000242782D4660 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782C8EB8 |
17_2_00000242782C8EB8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782CF76C |
17_2_00000242782CF76C |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782C27A4 |
17_2_00000242782C27A4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782BBFE4 |
17_2_00000242782BBFE4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782C9818 |
17_2_00000242782C9818 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782CA860 |
17_2_00000242782CA860 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782C8980 |
17_2_00000242782C8980 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782D4144 |
17_2_00000242782D4144 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 17_2_00000242782C9998 |
17_2_00000242782C9998 |
Source: OpenWith.exe, 0000000C.00000003.2089693717.00007DF42F602000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.2089235322.000001C4B3A71000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.2088143901.000001C4B3725000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1837587060.000001C4B30DA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1847168318.000001C4B3924000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1846690752.000001C4B3871000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1845688184.000001C4B30D4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence'; |
Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q); |
Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0 |
Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s; |
Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s; |
Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
Source: OpenWith.exe, 0000000C.00000003.1870594160.000001C4B3BE5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1871378644.000001C4B3B7F000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1870818386.000001C4B3BE5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key)); |
Source: OpenWith.exe, 0000000C.00000003.2089693717.00007DF42F602000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.2089235322.000001C4B3A71000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.2088143901.000001C4B3725000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1837587060.000001C4B30DA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1847168318.000001C4B3924000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1846690752.000001C4B3871000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000C.00000003.1845688184.000001C4B30D4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence' |
Source: unknown |
Process created: C:\Users\user\Desktop\TctqdRX5Wq.exe "C:\Users\user\Desktop\TctqdRX5Wq.exe" |
|
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
|
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
|
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
|
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process created: C:\Windows\SysWOW64\OpenWith.exe "C:\Windows\system32\openwith.exe" |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 688 |
|
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 684 |
|
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe" |
|
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Process created: C:\Windows\System32\SIHClient.exe C:\Windows\System32\sihclient.exe /cv gXqch/IrSkuvKvqIAnHVew.0.2 |
|
Source: C:\Windows\System32\OpenWith.exe |
Process created: C:\Program Files\Windows Media Player\setup_wm.exe "C:\Program Files\Windows Media Player\setup_wm.exe" |
|
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" |
|
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" |
Jump to behavior |
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Section loaded: mscoree.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Section loaded: vcruntime140_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Section loaded: ucrtbase_clr0400.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: aclayers.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc.dll |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Section loaded: sfc_os.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: wbemcomn.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netapi32.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cscapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: atl.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: secur32.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: mfplat.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: rtworkq.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\dllhost.exe |
Section loaded: dhcpcsvc.dll |
Source: C:\Users\user\Desktop\TctqdRX5Wq.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\SIHClient.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files\Windows Media Player\setup_wm.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\dllhost.exe |
Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtab |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnails |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2 |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB |
Source: C:\Windows\System32\OpenWith.exe |
File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm |