Loading ...

Analysis Report

Overview

General Information

Joe Sandbox Version:23.0.0
Analysis ID:67741
Start time:11:24:12
Joe Sandbox Product:CloudBasic
Start date:12.07.2018
Overall analysis duration:0h 5m 41s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:GoToMeeting Opener.exe
Cookbook file name:default.jbs
Analysis system description:Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • HCA enabled
  • EGA enabled
  • HDC enabled
Analysis stop reason:Timeout
Detection:MAL
Classification:mal48.evad.winEXE@6/16@2/2
HCA Information:
  • Successful, ratio: 99%
  • Number of executed functions: 132
  • Number of non-executed functions: 154
EGA Information:
  • Successful, ratio: 100%
HDC Information:Failed
Cookbook Comments:
  • Adjust boot time
  • Correcting counters for adjusted boot time
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
Warnings:
Show All
  • Exclude process from analysis (whitelisted): conhost.exe, dllhost.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.

Detection

StrategyScoreRangeReportingDetection
Threshold480 - 100Report FP / FNmalicious

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold50 - 5false
ConfidenceConfidence


Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Signature Overview

Click to jump to signature section


AV Detection:

barindex
Antivirus detection for unpacked fileShow sources
Source: 1.0.GoToMeeting Opener.exe.1040000.0.unpackAvira: Label: TR/Crypt.ULPM.Gen
Source: 1.2.GoToMeeting Opener.exe.1040000.8.unpackAvira: Label: TR/Crypt.ULPM.Gen
Source: 1.1.GoToMeeting Opener.exe.1040000.0.unpackAvira: Label: TR/Crypt.ULPM.Gen

E-Banking Fraud:

barindex
Drops certificate files (DER)Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0270780F846F08BEFE0DD8112D932FEFJump to dropped file
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619Jump to dropped file
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5887976EDAA817EEF5159B09F6FCD000_4F305F439943F8EFF7AB33D515B129E1Jump to dropped file

Networking:

barindex
Contains functionality to download additional files from the internetShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01066BD5 InternetReadFileExA,GetTickCount,1_2_01066BD5
Downloads filesShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TZNT9WD\GoToOpener[1].msiJump to behavior
Found strings which match to known social media urlsShow sources
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: login.yahoo.com equals www.yahoo.com (Yahoo)
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: launch.getgo.com
Urls found in memory or binary dataShow sources
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://c
Source: GoToMeeting Opener.exe, 00000001.00000002.21293372977.038F0000.00000004.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt0
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://crl.comodo.net/UTN-USERFirst-Hardware.crl0q
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: GoToMeeting Opener.exeString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://crl.usertrust.com/UTN-USERFirst-Object.crl0)
Source: GoToMeeting Opener.exe, 00000001.00000003.21004067000.0052E000.00000004.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-ev-server-g2.crl
Source: GoToMeeting Opener.exe, 00000001.00000003.21004067000.0052E000.00000004.sdmp, 9F9C58BCF02CB8A34F017EC53AEBBE1C0.1.drString found in binary or memory: http://crl3.digicert.com/sha2-ev-server-g2.crl0
Source: GoToMeeting Opener.exe, 00000001.00000002.21293372977.038F0000.00000004.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-ev-server-g2.crl04
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-ev-server-g2.crlM
Source: GoToMeeting Opener.exe, 00000001.00000003.21004067000.0052E000.00000004.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-ev-server-g2.crlc
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
Source: GoToMeeting Opener.exe, 00000001.00000002.21284916129.03370000.00000004.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: GoToMeeting Opener.exe, 00000001.00000002.21284916129.03370000.00000004.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ev-server-g2.crl
Source: GoToMeeting Opener.exe, 00000001.00000003.21004100597.03394000.00000004.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ev-server-g2.crl00Y
Source: GoToMeeting Opener.exe, 00000001.00000002.21293372977.038F0000.00000004.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ev-server-g2.crl0K
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://crt.comodoca.com/UTNAddTrustServerCA.crt0$
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: http://cybertrust.omniroot.com/repository.cfm0
Source: GoToMeeting Opener.exe, GoToMeeting Opener.exe, 00000001.00000001.20991445154.01041000.00000040.sdmpString found in binary or memory: http://launch.getgo.com/launcher2/errors/app?sessionTrackingId=%s&token=%s&platform=WINDOWS&errorCod
Source: GoToMeeting Opener.exeString found in binary or memory: http://link.logm
Source: GoToMeeting Opener.exeString found in binary or memory: http://link.logmeininc.co
Source: GoToMeeting Opener.exeString found in binary or memory: http://link.logmeininc.com
Source: GoToMeeting Opener.exe, 00000001.00000001.20992799103.010DB000.00000040.sdmpString found in binary or memory: http://link.logmeininc.com/get-help
Source: GoToMeeting Opener.exe, GoToMeeting Opener.exe, 00000001.00000001.20992799103.010DB000.00000040.sdmpString found in binary or memory: http://link.logmeininc.com/get-help)
Source: GoToMeeting Opener.exe, 00000001.00000001.20992799103.010DB000.00000040.sdmpString found in binary or memory: http://link.logmeininc.com/get-help.
Source: GoToMeeting Opener.exe, GoToMeeting Opener.exe, 00000001.00000001.20992799103.010DB000.00000040.sdmpString found in binary or memory: http://link.logmeininc.com/get-help.#%1
Source: GoToMeeting Opener.exe, 00000001.00000001.20992799103.010DB000.00000040.sdmpString found in binary or memory: http://link.logmeininc.com/get-help.#Sovelluksen
Source: GoToMeeting Opener.exe, GoToMeeting Opener.exe, 00000001.00000001.20992799103.010DB000.00000040.sdmpString found in binary or memory: http://link.logmeininc.com/get-help.$Instalace
Source: GoToMeeting Opener.exe, 00000001.00000001.20992799103.010DB000.00000040.sdmpString found in binary or memory: http://link.logmeininc.com/get-help.9Fel
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://ocsp
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: GoToMeeting Opener.exe, 00000001.00000003.21004067000.0052E000.00000004.sdmp, GoToMeeting Opener.exe, 00000001.00000003.21004100597.03394000.00000004.sdmp, 5887976EDAA817EEF5159B09F6FCD000_4F305F439943F8EFF7AB33D515B129E1.1.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmA
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmp, EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619.1.drString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1Jg
Source: GoToMeeting Opener.exe, 00000001.00000002.21284916129.03370000.00000004.sdmpString found in binary or memory: http://ocsp.digicert.com0K
Source: GoToMeeting Opener.exe, 00000001.00000002.21293372977.038F0000.00000004.sdmpString found in binary or memory: http://ocsp.digicert.com0R
Source: GoToMeeting Opener.exe, 00000001.00000003.21020539193.0053D000.00000004.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/sha2-ev-server-g2.crlhttp://crl4.digicert.com/sha2-
Source: GoToMeeting Opener.exe, 00000001.00000002.21042419060.004F9000.00000004.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: GoToMeeting Opener.exeString found in binary or memory: http://ocsp.thawte.com0
Source: GoToMeeting Opener.exeString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: GoToMeeting Opener.exeString found in binary or memory: http://s2.symcb.com0
Source: GoToMeeting Opener.exeString found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: GoToMeeting Opener.exeString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: GoToMeeting Opener.exeString found in binary or memory: http://sv.symcd.com0&
Source: GoToMeeting Opener.exeString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: GoToMeeting Opener.exeString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: GoToMeeting Opener.exeString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://www.public-trust.com/CPS/OmniRoot.html0
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl0
Source: GoToMeeting Opener.exeString found in binary or memory: http://www.symauth.com/cps0(
Source: GoToMeeting Opener.exeString found in binary or memory: http://www.symauth.com/rpa00
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: http://www.usertrust.com1
Source: GoToMeeting Opener.exe, 00000001.00000002.21286223706.03382000.00000004.sdmpString found in binary or memory: https://builds.cdn.getgo.com/
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmp, GoToOpener.log.1.drString found in binary or memory: https://builds.cdn.getgo.com/builds/g2m/8953/
Source: GoToMeeting Opener.exe, 00000001.00000002.21045268665.0052E000.00000004.sdmpString found in binary or memory: https://builds.cdn.getgo.com/builds/g2m/8953/G2MCoreInstExtractor.exe
Source: GoToOpener.log.1.drString found in binary or memory: https://builds.cdn.getgo.com:443/builds/g2m/8953/G2MCoreInstExtractor.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmp, GoToOpener.log.1.drString found in binary or memory: https://builds.getgocdn.com/builds/g2m/8953/
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: https://builds.getgocdn.com/builds/g2m/8953/Id=ul-d267-f970-c600-c52f0e234a2d
Source: GoToMeeting Opener.exeString found in binary or memory: https://d.symcb.com/cps0%
Source: GoToMeeting Opener.exeString found in binary or memory: https://d.symcb.com/rpa0
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: https://launch.getgo.com/)
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: https://launch.getgo.com/I
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmp, GoToOpener.log.1.drString found in binary or memory: https://launch.getgo.com/builds/launcher/481/GoToOpener.msi
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmpString found in binary or memory: https://launch.getgo.com/builds/launcher/481/GoToOpener.msiG
Source: GoToMeeting Opener.exeString found in binary or memory: https://launch.getgo.com/launcher2/errors/dllerror?name=
Source: GoToMeeting Opener.exe, 00000001.00000001.20991445154.01041000.00000040.sdmpString found in binary or memory: https://launch.getgo.com/launcher2/errors/dllerror?name=Will
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmp, GoToOpener.log.1.drString found in binary or memory: https://launch.getgo.com/launcher2/latest/GoToOpener.msi
Source: GoToMeeting Opener.exe, 00000001.00000002.21034592963.00464000.00000004.sdmp, GoToOpener.log.1.drString found in binary or memory: https://launch.getgo.com/launcher2/telemetry/helper?token=e0-nJs_usIXhNv52GAW2IvhVxcqjzVr0PJoiwpRgql
Source: GoToOpener.log.1.drString found in binary or memory: https://launch.getgo.com:443/launcher2/latest/GoToOpener.msi
Source: GoToOpener.log.1.drString found in binary or memory: https://launch.getgo.com:443/launcher2/telemetry/helper?token=e0-nJs_usIXhNv52GAW2IvhVxcqjzVr0PJoiwp
Source: GoToMeeting Opener.exe, 00000001.00000003.21003993867.004F9000.00000004.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: GoToMeeting Opener.exe, 00000001.00000002.21284916129.03370000.00000004.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
Source: unknownNetwork traffic detected: HTTP traffic on port 49178 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49178

Persistence and Installation Behavior:

barindex
Drops PE filesShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile created: C:\Users\HERBBL~1\AppData\Local\Temp\B8E53152-8E4B-4BCC-B743-50E3AEDC3862\GoTo Opener.exeJump to dropped file

Data Obfuscation:

barindex
Contains functionality to dynamically determine API callsShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010411A8 LoadLibraryW,GetProcAddress,GetProcAddress,1_2_010411A8
PE file contains an invalid checksumShow sources
Source: GoToMeeting Opener.exeStatic PE information: real checksum: 0x519b9 should be: 0x4e7ba
Source: GoTo Opener.exe.1.drStatic PE information: real checksum: 0x519b9 should be: 0x56116
Uses code obfuscation techniques (call, push, ret)Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01086705 push ecx; ret 1_2_01086718
Sample is packed with UPXShow sources
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1

Spreading:

barindex
Contains functionality to enumerate / list files inside a directoryShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010796EC FindFirstFileW,GetLastError,1_2_010796EC
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010454E3 FindFirstFileW,LocalFree,GetLastError,OutputDebugStringW,LocalFree,FindClose,1_2_010454E3
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01078BCD FindFirstFileW,FindClose,1_2_01078BCD
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_010796EC FindFirstFileW,GetLastError,1_1_010796EC
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_010454E3 FindFirstFileW,LocalFree,GetLastError,OutputDebugStringW,LocalFree,FindClose,1_1_010454E3
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_01078BCD FindFirstFileW,FindClose,1_1_01078BCD

System Summary:

barindex
Abnormal high CPU UsageShow sources
Source: C:\Windows\System32\cmd.exeProcess Stats: CPU usage > 98%
Creates mutexesShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeMutant created: \Sessions\1\BaseNamedObjects\CitrixOnlineLauncher-B4E03BB8-D659-4767-8CA9-C1E6AE9414CF
Detected potential crypto functionShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010906BE1_2_010906BE
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01108DC01_2_01108DC0
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108A84D1_2_0108A84D
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010980AB1_2_010980AB
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0109CCC01_2_0109CCC0
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0109AAAC1_2_0109AAAC
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01099C601_2_01099C60
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108A4101_2_0108A410
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0109861D1_2_0109861D
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0109E3991_2_0109E399
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01097B391_2_01097B39
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0105884C1_2_0105884C
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01087E821_2_01087E82
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0109417C1_2_0109417C
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108C5EF1_2_0108C5EF
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_010906BE1_1_010906BE
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_01108DC01_1_01108DC0
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_0108A84D1_1_0108A84D
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_010980AB1_1_010980AB
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_0109CCC01_1_0109CCC0
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_0109AAAC1_1_0109AAAC
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_01099C601_1_01099C60
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_0108A4101_1_0108A410
Found potential string decryption / allocating functionsShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 010866C0 appears 73 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 010686CB appears 40 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0107C666 appears 81 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0106DE14 appears 309 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0106BD63 appears 46 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0104787E appears 68 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0106E0B2 appears 39 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0106B380 appears 184 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0106B3F0 appears 37 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0106C12B appears 224 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 01062E28 appears 158 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 010635CC appears 39 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0106C588 appears 42 times
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: String function: 0106B840 appears 86 times
PE file contains executable resources (Code or Archives)Show sources
Source: GoToMeeting Opener.exeStatic PE information: Resource name: RT_ICON type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 17.177
Source: GoTo Opener.exe.1.drStatic PE information: Resource name: RT_ICON type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 17.177
PE file contains strange resourcesShow sources
Source: GoToMeeting Opener.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: GoToMeeting Opener.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: GoToMeeting Opener.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: GoTo Opener.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: GoTo Opener.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: GoTo Opener.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Reads the hosts fileShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Sample file is different than original file name gathered from version infoShow sources
Source: GoToMeeting Opener.exe, 00000001.00000002.21049227129.00650000.00000008.sdmpBinary or memory string: OriginalFilenamewshtcpip.dll.muij% vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21030234999.000E0000.00000008.sdmpBinary or memory string: OriginalFilenamewininet.dll.muiD vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21061127044.00860000.00000008.sdmpBinary or memory string: OriginalFilenameKernelbasej% vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21056563363.007C0000.00000008.sdmpBinary or memory string: OriginalFilenamewship6.dll.muij% vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21054577345.006E0000.00000008.sdmpBinary or memory string: OriginalFilenameSETUPAPI.DLL.MUIj% vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21058190724.007F0000.00000008.sdmpBinary or memory string: OriginalFilenamenetmsg.DLL.MUIj% vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21123425477.0111A000.00000004.sdmpBinary or memory string: OriginalFilenameGoToOpener.exe4 vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21056878752.007D0000.00000008.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exe, 00000001.00000002.21057608162.007E0000.00000008.sdmpBinary or memory string: OriginalFilenamewinhttp.dll.muij% vs GoToMeeting Opener.exe
Source: GoToMeeting Opener.exeBinary or memory string: OriginalFilenameGoToOpener.exe4 vs GoToMeeting Opener.exe
PE file has section (not .text) which is very likely to contain packed code (zlib compression ratio < 0.011)Show sources
Source: GoToMeeting Opener.exeStatic PE information: Section: UPX1 ZLIB complexity 0.995019303613
Source: GoTo Opener.exe.1.drStatic PE information: Section: UPX1 ZLIB complexity 0.995019303613
Classification labelShow sources
Source: classification engineClassification label: mal48.evad.winEXE@6/16@2/2
Contains functionality for error loggingShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0106BE42 GetSystemDirectoryW,LoadLibraryExW,FormatMessageW,_wcschr,_wcschr,LocalFree,FreeLibrary,GetLastError,1_2_0106BE42
Contains functionality to enum processes or threadsShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0107B58A CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,1_2_0107B58A
Creates files inside the user directoryShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619Jump to behavior
Creates temporary filesShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile created: C:\Users\HERBBL~1\AppData\Local\Temp\LogMeInLogsJump to behavior
Executes batch filesShow sources
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\HERBBL~1\AppData\Local\Temp\C4BCE0E5-EE0F-4947-ABB1-5694E8C7FF19.bat' 'C:\Users\user\Desktop\GoToMeeting Opener.exe''
Found command line outputShow sources
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...r.................................6.....a.\..........5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................C.:.\.U.s.e.r.s.\.H.E.R.B.B.L.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.>....."...".J....."...dwd.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................s.e.t...h...p...h...~.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>..."..........E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................................@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................s.h.i.f.t...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h................................."..."...*.......*.....`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................C.:.\.U.s.e.r.s.\.H.E.R.B.B.L.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.>."...*...".J....."...dwd.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................s.e.t...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....x....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................x...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................s.h.i.f.t...p...h.................................7.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h................................."..."...*.......*.....`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...!.......................................!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...7...........................P.4.p.D...4.P.4.^...|.4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...C.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...I...........................h...C................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...O....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...U............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...[...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...j...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...v.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...|.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...........................................!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.......4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h... ....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...&............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...,...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...;...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...G.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...M.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...S...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...Z...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...&.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...p...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...|.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h...|................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...#...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...*...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...6.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...C...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...O.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...U...........................h...O................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...[....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...a............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...g...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...v...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...>.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...F.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h... .............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...&...........................h... ................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...,....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...2............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...8...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...G...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...S.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...Y.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h..._...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...f...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...N.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...|...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...V.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...#.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...).....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h.../...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...6...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...^.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...L...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...X.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...^...........................h...X................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...d....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...j............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...p...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...f.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...n.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...+.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...1...........................h...+................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...7....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...=............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...C...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...R...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...^.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...d.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...j...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...q...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...v.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...~.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h..."...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...4.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...:...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...A...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...W...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...c.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...i...........................h...c................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...o....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...u............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...{...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...,...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...8.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...>...........................h...8................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...D....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...J............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...P...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h..._...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...k.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...q.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...w...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...~...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...#...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...2...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...>.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...D.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...J...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...Q...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...g...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...s.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...y...........................h...s................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...!...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...7...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...C.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...I...........................h...C................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...O....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...U............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...[...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...j...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...v.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...|.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h..."....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...(............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...=...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...I.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...O.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...U...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...\...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...r...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...~.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h...~................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h... .....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...&...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...-...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...C...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...O.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...U...........................h...O................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...[....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...a............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...g...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...v...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...%...........................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...+....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...1............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...7...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...F...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...R.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...X.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...^...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...e...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...{...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...".............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...(.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...5...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...K...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...W.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...]...........................h...W................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...c....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...i............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...o...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...~...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,.....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...).............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.../...........................h...)................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...5....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...;............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...A...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...P...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...\.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...b.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...h...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...o...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...&.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................A.c.c.e.s.s. .i.s. .d.e.n.i.e.d.........\."...6.....V.}J............\.".....#..w0.".&...`.....,...+.Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...#...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.../.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...5.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...;...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...B...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...X...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...d.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...j...........................h...d................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...p....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...v............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...|...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................h....................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h........................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h................................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h.................................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h.........................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...................................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...............................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...(...........................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h...4.............................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...:...........................h...4................... 3>...".....~....H.J....<.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................g.o.t.o.h...p...h...@....................................... 3>...".....~.......P.".....@F.J........Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: .................... .d.e.l.e.x.e. .h...F............................................... 3>.$3>...".H."......E.J....@.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...L...............................QF.J%R6...".B.....".`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...[...........................A.p.p.D.a.t.a.\.L.o.c.a..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................d.e.l...h...p...h...g.............................6.<.}J.....bNw..\u`....."...".l."...............nwJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...m.....................................6.<.}J.....bNw.3>...".....t....E.J....\.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...s...............................t...............@F.J`3>..."..."......E.J....|.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ......................0.....h...p...h...z...........................L...........!...@@ ...".x$>...".....p....F.J....t.".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ............................h...p...h...............................P.4.p.D...4.P.4.o.....4..5>.t."..."......E.J......".Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ....................i.f. ...h...p...h.................................}J......6.<.}J.....bNw.3>...".d."......E.J....\.".Jump to behavior
Might use command line argumentsShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCommand line argument: _tWinMain()1_2_01043764
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCommand line argument: __COMPAT_LAYER1_2_01043764
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCommand line argument: _tWinMain()1_2_01043764
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCommand line argument: __COMPAT_LAYER1_2_01043764
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCommand line argument: _tWinMain()1_1_01043764
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCommand line argument: x3H1_1_01043764
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCommand line argument: __COMPAT_LAYER1_1_01043764
Reads ini filesShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeFile read: C:\Users\desktop.iniJump to behavior
Reads software policiesShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Spawns processesShow sources
Source: unknownProcess created: C:\Users\user\Desktop\GoToMeeting Opener.exe 'C:\Users\user\Desktop\GoToMeeting Opener.exe'
Source: unknownProcess created: C:\Windows\System32\msiexec.exe 'C:\Windows\system32\msiexec.exe' /i 'C:\Users\HERBBL~1\AppData\Local\Temp\B8E53152-8E4B-4BCC-B743-50E3AEDC3862\GoToOpener.msi' /q /lvx 'C:\Users\HERBBL~1\AppData\Local\Temp\LogMeInLogs\GoToOpenerMsi\67E62482-05D7-42DD-B3CF-7E4F5E5E60B4.log'
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\HERBBL~1\AppData\Local\Temp\C4BCE0E5-EE0F-4947-ABB1-5694E8C7FF19.bat' 'C:\Users\user\Desktop\GoToMeeting Opener.exe''
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeProcess created: C:\Windows\System32\msiexec.exe 'C:\Windows\system32\msiexec.exe' /i 'C:\Users\HERBBL~1\AppData\Local\Temp\B8E53152-8E4B-4BCC-B743-50E3AEDC3862\GoToOpener.msi' /q /lvx 'C:\Users\HERBBL~1\AppData\Local\Temp\LogMeInLogs\GoToOpenerMsi\67E62482-05D7-42DD-B3CF-7E4F5E5E60B4.log'Jump to behavior
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\HERBBL~1\AppData\Local\Temp\C4BCE0E5-EE0F-4947-ABB1-5694E8C7FF19.bat' 'C:\Users\user\Desktop\GoToMeeting Opener.exe''Jump to behavior
Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
Source: GoToMeeting Opener.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbolsShow sources
Source: Binary string: C:\bamboo-home\xml-data\build-dir\WEBDEPLOYMENT-WEBDEPLOYMENTFORMALMAIN0-BW\dist\GoToOpener.pdbw source: GoToMeeting Opener.exe, 00000001.00000001.20991445154.01041000.00000040.sdmp
Source: Binary string: C:\bamboo-home\xml-data\build-dir\WEBDEPLOYMENT-WEBDEPLOYMENTFORMALMAIN0-BW\dist\GoToOpener.pdb source: GoToMeeting Opener.exe

HIPS / PFW / Operating System Protection Evasion:

barindex
Contains functionality to add an ACL to a security descriptorShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01077B30 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,1_2_01077B30
May try to detect the Windows Explorer process (often used for injection)Show sources
Source: GoToMeeting Opener.exeBinary or memory string: Progman
Source: GoToMeeting Opener.exe, 00000001.00000001.20991445154.01041000.00000040.sdmpBinary or memory string: ..\..\Code\Win32\ECWindowsSecurity.cppAllocateAndInitializeSid()OpenThreadToken::OpenProcess(%d) failed, last error = %d::OpenProcessToken() failed, process id = %d, last error = %d::GetTokenInformation() failed, process id = %d, last error = %d::LookupAccountSid() failed, process id = %d, last error = %d account name = %s, domain name = %sLogged on user process found: process id = %d, process name = %s::OpenDesktop(%s) failed, last error = %dProgmanexplorer.exeWinSta0Failed to open WinSta0, last error = %dECWindowsSecurity::getLoggedOnUserToken_ThisWTSSession()Failed to open process token for process id %uOpenProcessFailed to open process id %uSeTcbPrivilegeWTSQueryUserTokenProcessIdToSessionIdProcessIdToSessionId() not found in kernel32.dllProcessIdToSessionIdFailed to load and initialize the WTSApi32 library.GetTokenInformation()Failed to allocate buffer for the token information structure::IsTokenRestricted()AllocateAndInitializeSidEqualSidABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/

Anti Debugging:

barindex
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeSystem information queried: KernelDebuggerInformationJump to behavior
Contains functionality to check if a debugger is running (IsDebuggerPresent)Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01083575 IsDebuggerPresent,1_2_01083575
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0104593C OutputDebugStringW,GetSystemDirectoryW,GetSystemDirectoryW,LocalAlloc,GetSystemDirectoryW,lstrlenW,GetSystemDirectoryW,lstrcpynW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,OutputDebugStringW,LocalFree,1_2_0104593C
Contains functionality to dynamically determine API callsShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010411A8 LoadLibraryW,GetProcAddress,GetProcAddress,1_2_010411A8
Contains functionality which may be used to detect a debugger (GetProcessHeap)Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108B53B GetProcessHeap,1_2_0108B53B
Contains functionality to register its own exception handlerShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108AAD8 SetUnhandledExceptionFilter,1_2_0108AAD8
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108AB09 SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0108AB09
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_0108AAD8 SetUnhandledExceptionFilter,1_1_0108AAD8
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_0108AB09 SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_1_0108AB09

Malware Analysis System Evasion:

barindex
Contains functionality to detect sleep reduction / modificationsShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0105CBA4 GetTickCount,Sleep,GetTickCount,1_2_0105CBA4
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_0105CBA4 GetTickCount,Sleep,GetTickCount,1_1_0105CBA4
Found dropped PE file which has not been started or loadedShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeDropped PE file which has not been started: C:\Users\HERBBL~1\AppData\Local\Temp\B8E53152-8E4B-4BCC-B743-50E3AEDC3862\GoTo Opener.exeJump to dropped file
May sleep (evasive loops) to hinder dynamic analysisShow sources
Source: C:\Windows\System32\msiexec.exe TID: 3664Thread sleep time: -60000s >= -60000sJump to behavior
Contains functionality to enumerate / list files inside a directoryShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010796EC FindFirstFileW,GetLastError,1_2_010796EC
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010454E3 FindFirstFileW,LocalFree,GetLastError,OutputDebugStringW,LocalFree,FindClose,1_2_010454E3
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_01078BCD FindFirstFileW,FindClose,1_2_01078BCD
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_010796EC FindFirstFileW,GetLastError,1_1_010796EC
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_010454E3 FindFirstFileW,LocalFree,GetLastError,OutputDebugStringW,LocalFree,FindClose,1_1_010454E3
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_1_01078BCD FindFirstFileW,FindClose,1_1_01078BCD
Program exit pointsShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeAPI call chain: ExitProcess graph end nodegraph_1-56297
Queries a list of all running processesShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeProcess information queried: ProcessInformationJump to behavior

Hooking and other Techniques for Hiding and Protection:

barindex
Extensive use of GetProcAddress (often used to hide API calls)Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108A84D GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_0108A84D
Disables application error messsages (SetErrorMode)Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Language, Device and Operating System Detection:

barindex
Contains functionality to query CPU information (cpuid)Show sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108AB27 cpuid 1_2_0108AB27
Contains functionality to query local / system timeShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_0108BD8A GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,RtlQueryPerformanceCounter,1_2_0108BD8A
Contains functionality to query windows versionShow sources
Source: C:\Users\user\Desktop\GoToMeeting Opener.exeCode function: 1_2_010633CF GetVersionExW,GetTempPathA,GetTempPathA,GetTempPathA,CreateDirectoryA,GetLastError,1_2_010633CF
Queries the cryptographic machine GUIDShow sources
Source: C:\Windows\System32\msiexec.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
behaviorgraph top1 signatures2 2 Behavior Graph ID: 67741 Sample: GoToMeeting Opener.exe Startdate: 12/07/2018 Architecture: WINDOWS Score: 48 22 Antivirus detection for unpacked file 2->22 24 Contains functionality to detect sleep reduction / modifications 2->24 6 GoToMeeting Opener.exe