Windows Analysis Report
INSTALL.EXE

Overview

General Information

Sample name: INSTALL.EXE
Analysis ID: 1545884
MD5: 3a365ce67bad474553673693275d66d7
SHA1: d27a8c5e0418ce32161e1652fe07d95ea6b6a9e8
SHA256: d15f527f1bc5c07b61713817af81aa20f76af3411009eb7479e88b73c42463bb

Detection

Score: 4
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found dropped PE file which has not been started or loaded
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: INSTALL.EXE Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetupFontLicence.txt
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\INSTALL\WDSetupFontLicence.txt
Source: unknown HTTPS traffic detected: 176.31.87.56:443 -> 192.168.2.16:49697 version: TLS 1.2
Source: unknown HTTPS traffic detected: 176.31.87.56:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: INSTALL.EXE Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: lx-sogexi-sensycityprod.pcscloud.net
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: classification engine Classification label: clean4.winEXE@5/164@2/11
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\INSTALL[1].zip
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Mutant created: \Sessions\1\BaseNamedObjects\Local\MEM_WDSETUP_CNX_HTTP_MTX
Source: C:\Users\user\Desktop\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD_495E.tmp
Source: INSTALL.EXE Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\INSTALL.EXE File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\INSTALL.EXE Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\INSTALL.EXE File read: C:\Users\user\Desktop\INSTALL.EXE
Source: unknown Process created: C:\Users\user\Desktop\INSTALL.EXE "C:\Users\user\Desktop\INSTALL.EXE"
Source: C:\Users\user\Desktop\INSTALL.EXE Process created: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE "C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE"
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Process created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE "C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE" /REP="C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\" /PID_PARENT=6324 /VERSION_PARENT=27 /COMPOSITE=0 /WXF="C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\INST.WXF" "C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE"
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: mpr.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: wldp.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: propsys.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: profapi.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: edputil.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: netutils.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: slc.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: userenv.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: sppc.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: inked.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\Desktop\INSTALL.EXE File written: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.INI
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: INSTALL.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: INSTALL.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: INSTALL.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: INSTALL.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: INSTALL.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: INSTALL.EXE Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: INSTALL.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: INSTALL.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: INSTALL.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: INSTALL.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: INSTALL.EXE Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: INSTALL.EXE Static PE information: real checksum: 0x591d9 should be: 0x94518
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270zip.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\WDUNINST.EXE
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270obj.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270trs.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270sql.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270std.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\ProgramData\SensyCity\Fichiers Utilitaires\CDM v2.12.00 WHQL Certified.exe
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\wd270web\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270cpl.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\SensyCity.exe
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\wd270web\wd270webexe.exe
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270xml.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDMetabase.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\wd270web\libcef.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270com.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270mat.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\wd270web\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270hf.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270uni.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270vm.dll
Source: C:\Users\user\Desktop\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270pnt.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\wd270web\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\Program Files (x86)\SensyCity\wd270web\swiftshader\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270ole.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File created: C:\ProgramData\SensyCity\Fichiers Utilitaires\CDM212364_Setup.exe
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE File created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270mdl.dll
Source: C:\Users\user\Desktop\INSTALL.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270zip.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\Program Files (x86)\SensyCity\WDUNINST.EXE
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270obj.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270trs.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270sql.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270std.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\ProgramData\SensyCity\Fichiers Utilitaires\CDM v2.12.00 WHQL Certified.exe
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\Program Files (x86)\SensyCity\wd270web\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270cpl.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\Program Files (x86)\SensyCity\SensyCity.exe
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\Program Files (x86)\SensyCity\wd270web\wd270webexe.exe
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270xml.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDMetabase.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\Program Files (x86)\SensyCity\wd270web\libcef.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270com.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270mat.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\Program Files (x86)\SensyCity\wd270web\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270hf.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270uni.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270vm.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270pnt.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\Program Files (x86)\SensyCity\wd270web\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\Program Files (x86)\SensyCity\wd270web\swiftshader\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270ole.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Dropped PE file which has not been started: C:\ProgramData\SensyCity\Fichiers Utilitaires\CDM212364_Setup.exe
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\wd270mdl.dll
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Process token adjusted: Debug
Source: C:\Users\user\Desktop\INSTALL.EXE Process created: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE "C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE"
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Process created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE "C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE" /REP="C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\" /PID_PARENT=6324 /VERSION_PARENT=27 /COMPOSITE=0 /WXF="C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\INST.WXF" "C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE"
Source: C:\Users\user\AppData\Local\Temp\WD_495E.tmp\INSTALL.EXE Process created: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE "c:\users\user\appdata\local\temp\wd4ecd.tmp\wdsetup.exe" /rep="c:\users\user\appdata\local\temp\wd4ecd.tmp\" /pid_parent=6324 /version_parent=27 /composite=0 /wxf="c:\users\user\appdata\local\temp\wd4ecd.tmp\inst.wxf" "c:\users\user\appdata\local\temp\wd_495e.tmp\install.exe"
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Queries volume information: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\WD4ECD.tmp\WDSetup.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid