Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009D9C53 __EH_prolog3,CertCreateCertificateContext,__EH_prolog3_GS,CryptStringToBinaryA,CryptStringToBinaryA, |
Source: SophosSetup (9).exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | File created: C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_142940.log | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | File created: C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_142943.log | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | File created: C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_142946.log | Jump to behavior |
Source: SophosSetup (9).exe | Static PE information: certificate valid |
Source: SophosSetup (9).exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: | Binary string: C:\workspace\_bin\Win32\Release\SafeLauncher.pdb source: SophosSetup (9).exe |
Source: | Binary string: C:\workspace\_bin\Win32\Release\Setup.pdb source: SophosSetup (9).exe |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009EFF2C FindFirstFileExW,__Read_dir,FindClose,std::tr2::sys::_Strcpy, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B4FF2C FindFirstFileExW,__Read_dir,FindClose,std::tr2::sys::_Strcpy, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F4FF2C FindFirstFileExW,__Read_dir,FindClose,std::tr2::sys::_Strcpy, |
Source: Setup.exe, 00000003.00000002.246648079.0000000002F86000.00000004.00000040.sdmp | String found in binary or memory: http://cacerts.d_ |
Source: SophosSetup (9).exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: SophosSetup (9).exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0 |
Source: SophosSetup (9).exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0 |
Source: SophosSetup (9).exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: Setup.exe, 00000003.00000003.207461057.0000000002CC0000.00000004.00000001.sdmp, Setup.exe, 00000006.00000003.214179711.00000000008C2000.00000004.00000001.sdmp, Setup.exe, 00000008.00000002.228992339.00000000008F7000.00000004.00000020.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: SophosSetup (9).exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: SophosSetup (9).exe | String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: SophosSetup (9).exe | String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07 |
Source: SophosSetup (9).exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: Setup.exe, 00000006.00000002.238159203.0000000000AE6000.00000004.00000040.sdmp | String found in binary or memory: http://crl4.digicert. |
Source: SophosSetup (9).exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SophosSetup (9).exe | String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0 |
Source: SophosSetup (9).exe | String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K |
Source: SophosSetup (9).exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: Setup.exe, 00000003.00000002.247044892.0000000004BE2000.00000004.00000001.sdmp, Setup.exe, 00000008.00000002.230087964.0000000004AB2000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.dig |
Source: Setup.exe, 00000003.00000002.246648079.0000000002F86000.00000004.00000040.sdmp | String found in binary or memory: http://ocsp.digicert.c# |
Source: SophosSetup (9).exe | String found in binary or memory: http://ocsp.digicert.com0C |
Source: SophosSetup (9).exe | String found in binary or memory: http://ocsp.digicert.com0H |
Source: SophosSetup (9).exe | String found in binary or memory: http://ocsp.digicert.com0I |
Source: SophosSetup (9).exe | String found in binary or memory: http://ocsp.digicert.com0O |
Source: Setup.exe, 00000006.00000002.242624835.0000000004AA2000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.digy |
Source: SophosSetup (9).exe | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: SophosSetup (9).exe | String found in binary or memory: http://www.emtype.nethttp://www.emtype.net/emtype_eula.phpSophos |
Source: SophosSetup (9).exe | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: SophosSetup (9).exe | String found in binary or memory: https://www.sophos.com/de-de/legal.aspx |
Source: SophosSetup (9).exe | String found in binary or memory: https://www.sophos.com/en-us/legal.aspx |
Source: SophosSetup (9).exe | String found in binary or memory: https://www.sophos.com/es-es/legal.aspx |
Source: SophosSetup (9).exe | String found in binary or memory: https://www.sophos.com/fr-fr/legal.aspx |
Source: SophosSetup (9).exe | String found in binary or memory: https://www.sophos.com/it-it/legal.aspx |
Source: SophosSetup (9).exe | String found in binary or memory: https://www.sophos.com/ja-jp/legal.aspx |
Source: SophosSetup (9).exe | String found in binary or memory: https://www.sophos.com/zh-cn/legal.aspx |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009A70DD |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A212F9 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009DD2FD |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A0A3C0 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A28319 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009DB368 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A28439 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A0F89D |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A268C8 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009A7847 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A15A90 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A1EA74 |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A13B36 |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B070DD |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B07847 |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B6A3C0 |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F070DD |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F07847 |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F6A3C0 |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: String function: 00B527C4 appears 95 times |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: String function: 00B527F8 appears 64 times |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: String function: 00F527F8 appears 65 times |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: String function: 00F527C4 appears 95 times |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Code function: String function: 001F1DE0 appears 40 times |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: String function: 009F3000 appears 32 times |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: String function: 00996B45 appears 88 times |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: String function: 009F27C4 appears 129 times |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: String function: 009956EF appears 47 times |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: String function: 009F27F8 appears 118 times |
Source: SophosSetup (9).exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows |
Source: SophosSetup (9).exe | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: Setup.exe.1.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: Setup.exe.5.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: Setup.exe.7.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: SophosSetup (9).exe, 00000001.00000002.247237400.0000000000225000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSetup.exeD vs SophosSetup (9).exe |
Source: SophosSetup (9).exe, 00000001.00000002.247237400.0000000000225000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSophosSetup.exeD vs SophosSetup (9).exe |
Source: SophosSetup (9).exe, 00000005.00000000.210490013.0000000000225000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSetup.exeD vs SophosSetup (9).exe |
Source: SophosSetup (9).exe, 00000005.00000000.210490013.0000000000225000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSophosSetup.exeD vs SophosSetup (9).exe |
Source: SophosSetup (9).exe, 00000007.00000002.230259316.0000000000225000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSetup.exeD vs SophosSetup (9).exe |
Source: SophosSetup (9).exe, 00000007.00000002.230259316.0000000000225000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSophosSetup.exeD vs SophosSetup (9).exe |
Source: SophosSetup (9).exe | Binary or memory string: OriginalFilenameSetup.exeD vs SophosSetup (9).exe |
Source: SophosSetup (9).exe | Binary or memory string: OriginalFilenameSophosSetup.exeD vs SophosSetup (9).exe |
Source: SophosSetup (9).exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE |
Source: classification engine | Classification label: clean5.winEXE@9/9@0/0 |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Code function: 1_2_001F1260 HeapReAlloc,ConvertStringSecurityDescriptorToSecurityDescriptorW,FindResourceW,LoadResource,LockResource,SizeofResource,CreateFileW,WriteFile,CloseHandle,HeapAlloc,HeapAlloc,HeapAlloc,HeapFree,HeapFree,HeapAlloc,HeapFree,HeapAlloc,HeapFree,HeapAlloc,HeapFree,HeapAlloc,GetStartupInfoW,CreateProcessW,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,CloseHandle,HeapFree,HeapFree, |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | File created: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400 | Jump to behavior |
Source: SophosSetup (9).exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: Setup.exe | String found in binary or memory: full/central/windows/business/installer/ |
Source: SophosSetup (9).exe | String found in binary or memory: #\.\.\. (\w+) ([A-Za-z0-9/+=]+)\n#sig (\w+) ([A-Za-z0-9/+=]+)\ncert[BADSIG]: [BADFILE]: : '[VE_BADCERT]: Running setup.SetHandleInformation failed: CreatePipe failed: ReadFile failed: Failed to run setup program. CreateProcess failed: )Unexpected bytes_read failed: Unexpected size field value: (expected Failed to retrieve the exit code for the Setup programFailed to retrieve the exit code for the Setup program! Error code (for GetExitCodeProcess): Setup program failed with code: No value was provided for --customertokenNo value was provided for --epinstallerserver No value was provided for --productsNon string value provided for Content-Typeapplication/json; charset=utf-8Failed to get stage-2 infoapi/download/stage2-details/Failed to get stage-2 info: . Status code: stage1_version1.10.305.0Parsing message received for Stage 2 filename: 'processor_architectureJson content was :Error parsing json file for Stage 2 filename: mcs_serverstage2_filenamedeprecated_stage_1errorFailed to get stage 2 details: Stage 2 details suggest an expired Stage was used.Failed to get stage 2 details: Unrecognised or insufficient content.application/gzipdownloads.sophos.comfull/central/windows/business/installer/AcceptFailed to download stage-2 archive. Status code: 404 error indicating potentially expired stage 1Failed to download stage-2 archive: ReOpenFile failed (intermediate_handle): Extracting files:ReOpenFile failed (new_handle): Extraction failure.Failed to read long filename.Extraction failureMissing file after long filename.failed to read long filenameFailed to open file.Missing file after long filenameCan't write to file.Failed to open filecan't write to file\" |
Source: SophosSetup (9).exe | String found in binary or memory: "setup.failure.launch": "Failed to run the system pre-installation checks.", |
Source: SophosSetup (9).exe | String found in binary or memory: "setup.progress.running_prechecks": "Pre-installation checks...", |
Source: SophosSetup (9).exe | String found in binary or memory: stato possibile effettuare i controlli pre-installazione.", |
Source: SophosSetup (9).exe | String found in binary or memory: "setup.progress.running_prechecks": "Controlli pre-installazione...", |
Source: unknown | Process created: C:\Users\user\Desktop\SophosSetup (9).exe 'C:\Users\user\Desktop\SophosSetup (9).exe' -install |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Process created: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe 'C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe' -install |
Source: unknown | Process created: C:\Users\user\Desktop\SophosSetup (9).exe 'C:\Users\user\Desktop\SophosSetup (9).exe' /install |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Process created: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe 'C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe' /install |
Source: unknown | Process created: C:\Users\user\Desktop\SophosSetup (9).exe 'C:\Users\user\Desktop\SophosSetup (9).exe' /load |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Process created: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe 'C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe' /load |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Process created: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe 'C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe' -install |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Process created: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe 'C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe' /install |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Process created: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe 'C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe' /load |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Automated click: OK |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Automated click: OK |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Automated click: OK |
Source: SophosSetup (9).exe | Static PE information: certificate valid |
Source: SophosSetup (9).exe | Static file information: File size 1565616 > 1048576 |
Source: SophosSetup (9).exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x175c00 |
Source: SophosSetup (9).exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Source: SophosSetup (9).exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: | Binary string: C:\workspace\_bin\Win32\Release\SafeLauncher.pdb source: SophosSetup (9).exe |
Source: | Binary string: C:\workspace\_bin\Win32\Release\Setup.pdb source: SophosSetup (9).exe |
Source: SophosSetup (9).exe | Static PE information: real checksum: 0x63e1d4 should be: 0x1897be |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009F278D push ecx; ret |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A2BCF4 push ecx; ret |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B8BCF4 push ecx; ret |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B5278D push ecx; ret |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F8BCF4 push ecx; ret |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F5278D push ecx; ret |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | File created: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | File created: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Jump to dropped file |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | File created: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Jump to dropped file |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | File created: C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_142940.log | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | File created: C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_142943.log | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | File created: C:\ProgramData\Sophos\CloudInstaller\Logs\SophosCloudInstaller_20210513_142946.log | Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009EFF2C FindFirstFileExW,__Read_dir,FindClose,std::tr2::sys::_Strcpy, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B4FF2C FindFirstFileExW,__Read_dir,FindClose,std::tr2::sys::_Strcpy, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F4FF2C FindFirstFileExW,__Read_dir,FindClose,std::tr2::sys::_Strcpy, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A0D414 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A0D0BB mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A1AE06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B6D0BB mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B7AE06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F6D0BB mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F7AE06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Code function: 1_2_001F2210 EntryPoint,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,GetProcessHeap,GetCommandLineW,HeapAlloc,HeapAlloc,HeapFree,HeapFree,HeapFree, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00A0D414 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_009F2A25 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B52A25 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: 6_2_00B6D414 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F52A25 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: 8_2_00F6D414 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\SophosSetup (9).exe | Code function: 1_2_001F2210 EntryPoint,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,GetProcessHeap,GetCommandLineW,HeapAlloc,HeapAlloc,HeapFree,HeapFree,HeapFree, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-5b4b6400\Setup.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: EnumSystemLocalesW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
Source: C:\Users\user\AppData\Local\Temp\sfl-1bfb6400\Setup.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Code function: 3_2_00999ADA __EH_prolog3_GS,GetLastError,GetSystemTimeAsFileTime,SetLastError, |
Source: C:\Users\user\AppData\Local\Temp\sfl-9a9a6400\Setup.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.