Source: C:\Users\user\Desktop\SY5DeZW6pz.exe | Code function: 0_2_0F394950 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, |
Source: C:\Users\user\Desktop\SY5DeZW6pz.exe | Code function: 0_2_0F398150 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\SY5DeZW6pz.exe | Code function: 0_2_0F3962B0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\Desktop\SY5DeZW6pz.exe | Code function: 0_2_0F396530 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: C:\Users\user\Desktop\SY5DeZW6pz.exe | Code function: 0_2_0F395210 lstrlenA,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
Source: C:\Users\user\Desktop\SY5DeZW6pz.exe | Code function: 0_2_0F395670 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\Desktop\SY5DeZW6pz.exe | Code function: 0_2_0F3982A0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\SY5DeZW6pz.exe | Code function: 0_2_0F395880 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdateComRegisterShell64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroRd32.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\104.0.5112.81\chrome_pwa_launcher.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdate.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\lync.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\misc.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\filecompare.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\lync99.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\AutoIt3Help.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\ssvagent.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\UcMapi.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ONENOTE.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\PDFREFLOW.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Examples\Helpfile\Extras\MyProg.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\WINWORD.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroBroker.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSOSREC.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\OUTLOOK.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\Common.DBConnection.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\protocolhandler.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSQRY32.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\wow_helper.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\104.0.5112.81\notification_helper.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\arh.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\SELFCERT.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\WORDICON.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSPUB.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleCrashHandler64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\chrome.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\jabswitch.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\ADelRCP.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\DATABASECOMPARE.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleCrashHandler.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\SETLANG.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Aut2Exe\Aut2exe_x64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ACCICONS.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\FIRSTRUN.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSACCESS.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\POWERPNT.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Uninstall.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdateCore.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\Common.ShowHelp.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\SCANPST.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Au3Check.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\jp2launcher.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSOHTMED.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\CLVIEW.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\NAMECONTROLSERVER.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\IEContentService.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\java.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\CNFNOT32.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Microsoft Office\Office16\AppSharingHookController64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\excelcnv.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\GROOVE.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\OcPubMgr.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\java-rmi.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdateBroker.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\unpack200.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\javacpl.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ONENOTEM.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\msoev.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSOUC.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Microsoft Office\Office16\MSOHTMED.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\SciTE\SciTE.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\GRAPH.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\EXCEL.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\PPTICO.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\LogTransport2.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\lynchtmlconv.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\javaws.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\104.0.5112.81\elevation_service.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Eula.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Au3Info.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\AutoIt3_x64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\AppSharingHookController.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\OSPPREARM.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSOSYNC.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\XLICONS.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\Common.DBConnection64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Microsoft Office\Office16\msoia.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\104.0.5112.81\chrome_installer.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Au3Info_x64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\Wordconv.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Aut2Exe\Aut2exe.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\SPREADSHEETCOMPARE.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft analysis services\AS OLEDB\110\SQLDumper.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\VPREVIEW.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\reader_sl.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Aut2Exe\upx.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdateSetup.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\msotd.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\orbd.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file written: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe | |
Source: vSQshX.exe, 00000001.00000003.310095902.00000000014B0000.00000004.00001000.00020000.00000000.sdmp, vSQshX.exe, 00000001.00000000.331514201.0000000000C23000.00000002.00000001.01000000.00000004.sdmp | String found in binary or memory: http://%s:%d/%s/%sZwQuerySystemInformationntdll.dllNtSystemDebugControlSeDebugPrivilege%s%.8x.bat:DE |
Source: vSQshX.exe, 00000001.00000000.333684475.000000000142E000.00000004.00000020.00020000.00000000.sdmp, vSQshX.exe, 00000001.00000000.336367143.000000000142E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net/& |
Source: vSQshX.exe, 00000001.00000000.334129715.00000000030C9000.00000004.00000010.00020000.00000000.sdmp, vSQshX.exe, 00000001.00000002.359919761.000000000142E000.00000004.00000020.00020000.00000000.sdmp, vSQshX.exe, 00000001.00000000.336367143.000000000142E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k2.rar |
Source: vSQshX.exe, 00000001.00000000.333684475.000000000142E000.00000004.00000020.00020000.00000000.sdmp, vSQshX.exe, 00000001.00000000.336367143.000000000142E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k2.rar% |
Source: vSQshX.exe, 00000001.00000002.360215641.00000000030C9000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k3.rar |
Source: vSQshX.exe, 00000001.00000002.359919761.000000000142E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ddos.dnsnb8.net:799/cj//k3.rar% |
Source: SY5DeZW6pz.exe | String found in binary or memory: http://gdcbghvjyqy7jclk.onion/3a23db8448d3b2b |
Source: Amcache.hve.1.dr | String found in binary or memory: http://upx.sf.net |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.activestate.com |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.activestate.comJames |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.autoitscript.com/autoit3/scite |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.baanboard.com |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.baanboard.comPraveen |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.develop.com |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.develop.comYann |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.lua.org |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.rftp.com |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.rftp.comSteve |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.scintila.org/scite.rng |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.scintilla.org |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.spaceblue.com |
Source: SciTE.exe.1.dr | String found in binary or memory: http://www.spaceblue.comDenis |
Source: SY5DeZW6pz.exe | String found in binary or memory: https://tox.chat/download.html |
Source: SY5DeZW6pz.exe | String found in binary or memory: https://www.torproject.org/ |
Source: SY5DeZW6pz.exe, type: SAMPLE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: SY5DeZW6pz.exe, type: SAMPLE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.SY5DeZW6pz.exe.f390000.3.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.SY5DeZW6pz.exe.f390000.3.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.SY5DeZW6pz.exe.f390000.0.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.SY5DeZW6pz.exe.f390000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.2.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000000.00000002.352730641.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000000.00000002.352730641.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 00000000.00000000.324233119.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 00000000.00000000.324233119.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: Gandcrab Payload Author: kevoreilly |
Source: SY5DeZW6pz.exe, type: SAMPLE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: SY5DeZW6pz.exe, type: SAMPLE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: SY5DeZW6pz.exe, type: SAMPLE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: SY5DeZW6pz.exe, type: SAMPLE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.SY5DeZW6pz.exe.f390000.3.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.SY5DeZW6pz.exe.f390000.3.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.0.SY5DeZW6pz.exe.f390000.3.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.SY5DeZW6pz.exe.f390000.3.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.0.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.SY5DeZW6pz.exe.3760000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.SY5DeZW6pz.exe.f390000.0.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.SY5DeZW6pz.exe.f390000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.0.SY5DeZW6pz.exe.f390000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.SY5DeZW6pz.exe.f390000.0.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.raw.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.SY5DeZW6pz.exe.3760000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.2.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.2.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.2.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.SY5DeZW6pz.exe.f390000.1.unpack, type: UNPACKEDPE | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000000.00000002.352730641.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000000.00000002.352730641.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000000.00000002.352730641.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000000.00000002.352730641.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 00000000.00000000.324233119.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 00000000.00000000.324233119.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 00000000.00000000.324233119.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 00000000.00000000.324233119.0000000003760000.00000008.00000001.00040000.00000003.sdmp, type: MEMORY | Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: SY5DeZW6pz.exe | Static PE information: section name: |Zu8 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_0 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_1 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_2 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_3 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_4 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_5 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_6 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_7 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_8 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_9 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_10 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_11 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_12 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_13 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_14 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_15 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_16 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_17 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_18 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_19 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_20 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_21 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_22 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_23 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_24 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_25 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_26 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_27 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_28 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_29 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_30 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_31 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_32 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_33 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_34 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_35 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_36 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_37 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_38 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_39 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_40 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_41 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_42 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_43 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_44 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_45 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_46 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_47 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_48 |
Source: SY5DeZW6pz.exe | Static PE information: section name: .dat_49 |
Source: vSQshX.exe.0.dr | Static PE information: section name: .aspack |
Source: vSQshX.exe.0.dr | Static PE information: section name: .adata |
Source: MyProg.exe.1.dr | Static PE information: section name: PELIB |
Source: MyProg.exe.1.dr | Static PE information: section name: Y|uR |
Source: SciTE.exe.1.dr | Static PE information: section name: ruO |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdateComRegisterShell64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroRd32.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\104.0.5112.81\chrome_pwa_launcher.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdate.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\lync.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\misc.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\filecompare.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\lync99.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\AutoIt3Help.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\ssvagent.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\UcMapi.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ONENOTE.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\PDFREFLOW.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Examples\Helpfile\Extras\MyProg.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\WINWORD.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroBroker.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSOSREC.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\OUTLOOK.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\Common.DBConnection.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\protocolhandler.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSQRY32.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\wow_helper.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\104.0.5112.81\notification_helper.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\arh.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\SELFCERT.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\WORDICON.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSPUB.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleCrashHandler64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\chrome.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\jabswitch.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\ADelRCP.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\DATABASECOMPARE.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleCrashHandler.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\SETLANG.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Aut2Exe\Aut2exe_x64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ACCICONS.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\FIRSTRUN.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSACCESS.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\POWERPNT.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Uninstall.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdateCore.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\Common.ShowHelp.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\SCANPST.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Au3Check.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\jp2launcher.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSOHTMED.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\CLVIEW.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\NAMECONTROLSERVER.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\IEContentService.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\java.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\CNFNOT32.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\104.0.5112.81\Installer\chrmstp.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Microsoft Office\Office16\AppSharingHookController64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\excelcnv.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\GROOVE.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\OcPubMgr.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\java-rmi.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdateBroker.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\unpack200.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\javacpl.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ONENOTEM.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\msoev.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSOUC.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Microsoft Office\Office16\MSOHTMED.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\SciTE\SciTE.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\GRAPH.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\EXCEL.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\PPTICO.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\LogTransport2.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\lynchtmlconv.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\javaws.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\104.0.5112.81\elevation_service.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\Eula.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Au3Info.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\AutoIt3_x64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\AppSharingHookController.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\OSPPREARM.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\MSOSYNC.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\XLICONS.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\Common.DBConnection64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Microsoft Office\Office16\msoia.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\104.0.5112.81\chrome_installer.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Au3Info_x64.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\Wordconv.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Aut2Exe\Aut2exe.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\DCF\SPREADSHEETCOMPARE.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft analysis services\AS OLEDB\110\SQLDumper.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\VPREVIEW.EXE | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\reader_sl.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\autoit3\Aut2Exe\upx.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\google\Update\1.3.36.131\GoogleUpdateSetup.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\microsoft office\Office16\msotd.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file mapped for write: C:\Program Files (x86)\java\jre1.8.0_211\bin\orbd.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe | |
Source: C:\Users\user\AppData\Local\Temp\vSQshX.exe | System file written: C:\Program Files (x86)\AutoIt3\Examples\Helpfile\Extras\MyProg.exe | |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX |