Windows Analysis Report
svchost.exe

Overview

General Information

Sample name: svchost.exe
Analysis ID: 1532544
MD5: 0a8a20f78887d083909131e3206e7ea3
SHA1: d72ccda934c157750a7a415c8caef1b7a3576720
SHA256: 2e463e9569f44d2c1f91b72e9b5fe140959738b436b25faf57b1ec5e9f253980
Tags: exeuser-poppysec

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

System process connects to network (likely due to code injection or exploit)
Drops PE files with benign system names
Drops large PE files
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Suspect Svchost Activity
Sigma detected: System File Execution Location Anomaly
Sigma detected: Windows Binaries Write Suspicious Extensions
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check the online IP address of the machine
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sigma detected: Console CodePage Lookup Via CHCP
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: svchost.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\doc\static\opensans\LICENSE.txt
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\LICENSE.txt
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\src\cnoke\LICENSE.txt
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\LICENSE.electron.txt
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\resources\app.asar.unpacked\node_modules\koffi\LICENSE.txt
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\resources\app.asar.unpacked\node_modules\koffi\doc\static\opensans\LICENSE.txt
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\resources\app.asar.unpacked\node_modules\koffi\src\cnoke\LICENSE.txt
Source: svchost.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: svchost.exe, 00000000.00000003.2015578894.0000000006100000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.2015833860.0000000006280000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\locales
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build\koffi
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\app-64.7z
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build

Networking

Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Network Connect: 34.117.59.81 443
Source: Joe Sandbox View IP Address: 34.117.59.81 34.117.59.81
Source: Joe Sandbox View ASN Name: GOOGLE-AS-APGoogleAsiaPacificPteLtdSG GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
Source: unknown DNS query: name: ipinfo.io
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: ipinfo.io
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=lt&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ltCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=lv&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=lvCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ml&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=mlCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=mr&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=mrCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ms&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=msCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=nl&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=nlCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=no&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=noCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=pl&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=plCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=pt-BR&category=theme81https://myactivity.google.com/myactivity
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=pt-BRCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007E43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=pt-PTCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=sl&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=sr&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=srCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=sv&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=svCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=sw&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=swCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ta&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=taCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=te&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=teCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=th&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=thCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=tr&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=trCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=uk&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ukCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=urCtrl$2
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=vi&category=theme81https://myactivity.google.com/myactivity/?u
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=viCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivity
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CNCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivity
Source: svchost.exe, 00000000.00000003.1922586175.0000000008843000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TWCtrl$1
Source: svchost.exe, 00000000.00000003.1922586175.0000000007443000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: svchost.exe, 00000000.00000003.1922586175.0000000007443000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: svchost.exe, 00000000.00000003.1922586175.0000000007443000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: svchost.exe, 00000000.00000003.1922586175.0000000007443000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: svchost.exe, 00000000.00000003.1922586175.0000000007443000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: svchost.exe, 00000000.00000003.1922586175.0000000007443000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: svchost.exe, 00000000.00000003.1922586175.0000000007443000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: svchost.exe, 00000000.00000003.1922586175.0000000007443000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromewebstore.google.com/category/extensions
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/cast_core/public
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/chromium/src/third_party/ipcz
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/chromiumos/platform/minigbm
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/chromiumos/platform2/libipp
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/codecs/libgav1/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/deps/inspector_protocol/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/devtools/devtools-frontend
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind.git
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/external/google3/cros_components/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/external/webrtc
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/libyuv/libyuv/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/openscreen
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/webm/libvpx
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cla.developers.google.com/clas
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cloud.google.com/storage/docs/gsutil
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://code.google.com/archive/p/android-gifview/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://code.videolan.org/videolan/dav1d
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crashpad.chromium.org/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://creativecommons.org/.
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://datatracker.ietf.org/ipr/1524/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://datatracker.ietf.org/ipr/1526/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://datatracker.ietf.org/ipr/1914/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://dawn.googlesource.com/dawn
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.android.com/guide/playcore.
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.android.com/topic/libraries/architecture/index.html
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developers.google.com/android/guides/setup
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developers.google.com/ar/develop/java/enable-arcore#dependencies
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developers.google.com/v8/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://dl.google.com/android/repository/android-ndk-r27-beta1-linux.zip
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://dxr.mozilla.org/mozilla-central/source/security/manager/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://easylist.to/)"
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://easylist.to/easylist/easylist.txt
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://firebase.google.com
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://fuchsia.googlesource.com/fuchsia/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://fusejs.io
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://git.gnome.org/browse/libsecret/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/AOMediaCodec/libavif
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/GPUOpen-Effects/FidelityFX-SPD
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/GoogleChrome/lighthouse
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/GoogleChromeLabs/chromium-bidi/archive/b2a9761bca31a27c01aeee058cde31a3f0c9528a.z
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/GoogleCloudPlatform/appengine-gcs-client
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Kotlin/kotlinx.atomicfu
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Kotlin/kotlinx.coroutines
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/LinuxA11y/IAccessible2
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Maratyszcza/FP16
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Maratyszcza/FXdiv
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Maratyszcza/pthreadpool
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Microsoft/webauthn/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/PortAudio/portaudio/tree/master/src/common
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/ReactiveX/rxjs
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Stuk/jszip
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/Themaister/Granite
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/abseil/abseil-cpp
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/abseil/abseil-cpp/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/acornjs/acorn
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/airbnb/lottie-ios.git
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/airbnb/lottie-web
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/apple/coremltools
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/brailcom/speechd
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/chjj/)
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/chromium/content_analysis_sdk
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/chromium/dom-distiller
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/cisco/libsrtp
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/client9/stringencoders
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/cls/libutf
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/codemirror/CodeMirror.next/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/codemirror/CodeMirror/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/d3/d3
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/dequelabs/axe-core/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/developit/mitt
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/easylist)
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/etingof/pyasn1
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/eugeneware/jpeg-js
Source: svchost.exe, 00000000.00000003.1922586175.0000000006A43000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.khronos.org/registry/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.npmjs.com
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.npmjs.com/package/
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.npmjs.com/package/csp_evaluator
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.opensource.apple.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443

System Summary

Source: C:\Users\user\Desktop\svchost.exe File dump: svchost.exe.0.dr 180436992 Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Process token adjusted: Security Jump to behavior
Source: svchost.exe.0.dr Static PE information: Number of sections : 15 > 10
Source: svchost.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal72.evad.winEXE@14/502@1/1
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe File created: C:\Users\user\AppData\Roaming\svchost Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4928:120:WilError_03
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nsdB88F.tmp Jump to behavior
Source: svchost.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\svchost.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File read: C:\Users\user\Desktop\svchost.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\svchost.exe "C:\Users\user\Desktop\svchost.exe"
Source: C:\Users\user\Desktop\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\svchost" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,10768761136844148512,6325765039296928006,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\svchost" --field-trial-handle=2972,i,10768761136844148512,6325765039296928006,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=852 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\svchost" --app-path="C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\resources\app.asar" --enable-sandbox --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1728824326784335 --launch-time-ticks=4868475320 --field-trial-handle=2992,i,10768761136844148512,6325765039296928006,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:1
Source: C:\Users\user\Desktop\svchost.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: ffmpeg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: kbdus.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: msspellcheckingfacility.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Section loaded: dbgcore.dll
Source: C:\Users\user\Desktop\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: svchost.exe Static file information: File size 87716694 > 1048576
Source: svchost.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: svchost.exe, 00000000.00000003.2015578894.0000000006100000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000000.00000003.2015833860.0000000006280000.00000004.00001000.00020000.00000000.sdmp
Source: ffmpeg.dll.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr Static PE information: section name: .retplne
Source: libEGL.dll.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr Static PE information: section name: _RDATA
Source: svchost.exe.0.dr Static PE information: section name: .gxfg
Source: svchost.exe.0.dr Static PE information: section name: .retplne
Source: svchost.exe.0.dr Static PE information: section name: .rodata
Source: svchost.exe.0.dr Static PE information: section name: CPADinfo
Source: svchost.exe.0.dr Static PE information: section name: LZMADEC
Source: svchost.exe.0.dr Static PE information: section name: _RDATA
Source: svchost.exe.0.dr Static PE information: section name: malloc_h
Source: svchost.exe.0.dr Static PE information: section name: prot
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr Static PE information: section name: _RDATA
Source: koffi.node13.0.dr Static PE information: section name: _RDATA

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\svchost.exe Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\better-sqlite3\build\Release\better_sqlite3.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\build\koffi\win32_ia32\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\build\koffi\win32_x64\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\build\koffi\win32_arm64\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\elevate.exe Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\nsis7z.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\LICENSE.electron.txt Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\doc\static\opensans\LICENSE.txt Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\LICENSE.txt Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\src\cnoke\LICENSE.txt Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\LICENSE.electron.txt Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\resources\app.asar.unpacked\node_modules\koffi\LICENSE.txt Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\resources\app.asar.unpacked\node_modules\koffi\doc\static\opensans\LICENSE.txt Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\resources\app.asar.unpacked\node_modules\koffi\src\cnoke\LICENSE.txt Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 886
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build\koffi\win32_arm64\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\better-sqlite3\build\Release\better_sqlite3.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\build\koffi\win32_x64\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\build\koffi\win32_ia32\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build\koffi\win32_ia32\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\app.asar.unpacked\node_modules\koffi\build\koffi\win32_arm64\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\resources\elevate.exe Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build\koffi\win32_x64\koffi.node Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\svchost.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\nsis7z.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\svchost.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe File Volume queried: C:\Users\user\AppData\Roaming\svchost\Code Cache\js FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe File Volume queried: C:\Users\user\AppData\Roaming\svchost\blob_storage\a3570230-d27d-44ab-88bd-4453727503bb FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe File Volume queried: C:\Users\user\AppData\Roaming\svchost\Code Cache\wasm FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe File Volume queried: C:\Users\user\AppData\Roaming\svchost FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\locales Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build\koffi Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\app-64.7z Jump to behavior
Source: C:\Users\user\Desktop\svchost.exe File opened: C:\Users\user\AppData\Local\Temp\nssB89F.tmp\7z-out\node_modules\koffi\build Jump to behavior
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: * Neither the name of the VMware, Inc. nor the names of its contributors
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ARE DISCLAIMED. IN NO EVENT SHALL VMWARE, INC. OR CONTRIBUTORS BE LIABLE FOR
Source: svchost.exe, 00000000.00000003.1922586175.0000000006043000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Copyright (c) 2011, VMware, Inc.

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Network Connect: 34.117.59.81 443 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\svchost" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,10768761136844148512,6325765039296928006,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\svchost" --field-trial-handle=2972,i,10768761136844148512,6325765039296928006,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=852 /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\svchost" --app-path="C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\resources\app.asar" --enable-sandbox --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1728824326784335 --launch-time-ticks=4868475320 --field-trial-handle=2992,i,10768761136844148512,6325765039296928006,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:1 Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "c:\users\user\appdata\local\temp\2nl7ns3hemmzaquekahxy2ight7\svchost.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\svchost" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=1880,i,10768761136844148512,6325765039296928006,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:2
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "c:\users\user\appdata\local\temp\2nl7ns3hemmzaquekahxy2ight7\svchost.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\svchost" --field-trial-handle=2972,i,10768761136844148512,6325765039296928006,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=852 /prefetch:3
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "c:\users\user\appdata\local\temp\2nl7ns3hemmzaquekahxy2ight7\svchost.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\svchost" --app-path="c:\users\user\appdata\local\temp\2nl7ns3hemmzaquekahxy2ight7\resources\app.asar" --enable-sandbox --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1728824326784335 --launch-time-ticks=4868475320 --field-trial-handle=2992,i,10768761136844148512,6325765039296928006,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:1
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "c:\users\user\appdata\local\temp\2nl7ns3hemmzaquekahxy2ight7\svchost.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\svchost" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaeaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --field-trial-handle=1880,i,10768761136844148512,6325765039296928006,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "c:\users\user\appdata\local\temp\2nl7ns3hemmzaquekahxy2ight7\svchost.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\svchost" --field-trial-handle=2972,i,10768761136844148512,6325765039296928006,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=852 /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Process created: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe "c:\users\user\appdata\local\temp\2nl7ns3hemmzaquekahxy2ight7\svchost.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\svchost" --app-path="c:\users\user\appdata\local\temp\2nl7ns3hemmzaquekahxy2ight7\resources\app.asar" --enable-sandbox --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1728824326784335 --launch-time-ticks=4868475320 --field-trial-handle=2992,i,10768761136844148512,6325765039296928006,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\2nL7nS3HEmMzaquEkAHxy2ighT7\svchost.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation Jump to behavior