Source: C:\Users\user\Desktop\INV_0893.exe | Code function: 0_2_0112A2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, |
Source: C:\Users\user\Desktop\INV_0893.exe | Code function: 0_2_0113AFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, |
Source: C:\Users\user\Desktop\INV_0893.exe | Code function: 0_2_01149FD3 FindFirstFileExA, |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_0112399B GetFileAttributesW,FindFirstFileW,FindClose, |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_01142408 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_0113280D FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_01168877 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_01121A73 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_0114CAE7 FindFirstFileW,FindNextFileW,FindClose, |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://crl.globalsign.net/Root.crl0 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://crl.globalsign.net/Timestamping1.crl0 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://crl.globalsign.net/primobject.crl0N |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://crl.globalsign.net/root.crl0 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://secure.globalsign.net/cacert/ObjectSign.crt09 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://secure.globalsign.net/cacert/PrimObject.crt0 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://www.autoitscript.com/autoit3/0 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://www.globalsign.net/repository/0 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://www.globalsign.net/repository/03 |
Source: INV_0893.exe, 00000000.00000003.336111482.000000000499C000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | String found in binary or memory: http://www.globalsign.net/repository09 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_0116C7D6 SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
Source: unknown | Process created: C:\Users\user\Desktop\INV_0893.exe C:\Users\user\Desktop\INV_0893.exe |
Source: C:\Users\user\Desktop\INV_0893.exe | Process created: C:\Users\user\1_102\uvbdlqfvw.pif "C:\Users\user\1_102\uvbdlqfvw.pif" faeupdrjbw.afr |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\1_102\run.vbs" |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\1_102\uvbdlqfvw.pif "C:\Users\user\1_102\UVBDLQ~1.PIF" FAEUPD~1.AFR |
Source: unknown | Process created: C:\Users\user\1_102\uvbdlqfvw.pif "C:\Users\user\1_102\UVBDLQ~1.PIF" C:\Users\user\1_102\FAEUPD~1.AFR |
Source: C:\Users\user\Desktop\INV_0893.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 3340 | Thread sleep count: 65 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 3340 | Thread sleep count: 42 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 3760 | Thread sleep count: 51 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 3760 | Thread sleep count: 40 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 4852 | Thread sleep count: 55 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 4852 | Thread sleep count: 32 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 5224 | Thread sleep count: 35 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 4644 | Thread sleep count: 35 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 5676 | Thread sleep count: 41 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 5832 | Thread sleep count: 33 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 4348 | Thread sleep count: 37 > 30 |
Source: C:\Users\user\1_102\uvbdlqfvw.pif TID: 3300 | Thread sleep count: 36 > 30 |
Source: uvbdlqfvw.pif, 00000017.00000003.553072884.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareUser.exe") Then0Rb |
Source: uvbdlqfvw.pif, 0000000E.00000003.547420704.000000000303A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exe |
Source: uvbdlqfvw.pif, 0000000E.00000003.522771884.000000000302B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwaretray.exe} |
Source: uvbdlqfvw.pif, 0000000C.00000003.505492001.00000000045B5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwaretray.exeq |
Source: uvbdlqfvw.pif, 00000003.00000003.393961109.0000000003C55000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VboxService.exepz3t |
Source: faeupdrjbw.afr.0.dr | Binary or memory string: If ProcessExists("VMwaretray.exe") Then |
Source: faeupdrjbw.afr.0.dr | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareUser.exe") Then |
Source: uvbdlqfvw.pif, 00000017.00000002.577839213.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VBoxTray.exe0~ |
Source: uvbdlqfvw.pif, 00000019.00000003.564256844.0000000002F91000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") Then79o |
Source: uvbdlqfvw.pif, 0000000E.00000003.547420704.000000000303A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.exe444D6 |
Source: uvbdlqfvw.pif, 00000019.00000002.577415132.0000000002F90000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwaretray.exe |
Source: uvbdlqfvw.pif, 0000000E.00000002.551652003.0000000000C48000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: om&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000y |
Source: uvbdlqfvw.pif, 0000000E.00000003.513468475.0000000003011000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") Thenp |
Source: faeupdrjbw.afr.0.dr | Binary or memory string: If ProcessExists("VboxService.exe") Then |
Source: uvbdlqfvw.pif, 0000000D.00000003.504116609.0000000003AED000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwaretray.exeZ! |
Source: uvbdlqfvw.pif, 00000017.00000002.577839213.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exe3A765687 |
Source: uvbdlqfvw.pif, 00000019.00000002.577415132.0000000002F90000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.exe536C7 |
Source: uvbdlqfvw.pif, 00000003.00000003.394404593.0000000003C60000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.401152033.0000000003C74000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.393237133.0000000003C51000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.394189569.0000000003C5D000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.395107791.0000000003C6B000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.396289082.0000000003C70000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.393961109.0000000003C55000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.432760043.0000000004440000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.430843861.0000000004434000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.428968439.0000000004431000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.432877001.000000000444C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VBoxTray.exe |
Source: uvbdlqfvw.pif, 0000000D.00000003.504116609.0000000003AED000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VboxService.exeu! |
Source: uvbdlqfvw.pif, 00000017.00000003.553072884.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") ThenT4E` |
Source: uvbdlqfvw.pif, 00000005.00000003.431697192.000000000443D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwaretray.exea |
Source: uvbdlqfvw.pif, 00000010.00000003.543862397.00000000048A4000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000010.00000003.545397422.00000000048AD000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000010.00000003.546967670.00000000048B0000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000010.00000003.553574188.00000000048C0000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000010.00000003.548851878.00000000048BC000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000010.00000003.534687720.00000000048A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VBoxTray.exe\ |
Source: uvbdlqfvw.pif, 00000003.00000003.393237133.0000000003C51000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.393961109.0000000003C55000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.430843861.0000000004434000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.406326241.0000000004421000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.428968439.0000000004431000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000006.00000003.436870784.0000000003441000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.481069326.0000000003E91000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.446377357.0000000003E81000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.483217881.0000000003E94000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000C.00000003.470607041.00000000045A1000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000C.00000003.503415232.00000000045B1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If ProcessExists("VBoxTray.exe") Then |
Source: faeupdrjbw.afr.0.dr | Binary or memory string: If ProcessExists("VBoxTray.exe") Then |
Source: uvbdlqfvw.pif, 00000019.00000003.564256844.0000000002F91000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If ProcessExists("VboxService.exe") Then |
Source: uvbdlqfvw.pif, 00000010.00000003.543862397.00000000048A4000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: rocessExists("VboxService.exe") Then |
Source: uvbdlqfvw.pif, 0000000A.00000003.483217881.0000000003E94000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.execroso |
Source: uvbdlqfvw.pif, 00000010.00000003.534687720.00000000048A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If ProcessExists("VMwaretray.exe") Thena |
Source: uvbdlqfvw.pif, 00000003.00000002.408624142.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.exe65687 |
Source: uvbdlqfvw.pif, 00000010.00000003.534687720.00000000048A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.exe |
Source: uvbdlqfvw.pif, 00000017.00000002.577839213.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwaretray.exe1x |
Source: uvbdlqfvw.pif, 00000006.00000003.445620543.000000000345B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VboxService.exe5 |
Source: uvbdlqfvw.pif, 00000010.00000003.534687720.00000000048A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwaretray.exe5 |
Source: uvbdlqfvw.pif, 00000013.00000003.524003657.0000000003D31000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") ThenT4Ej |
Source: uvbdlqfvw.pif, 00000005.00000003.431697192.000000000443D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exe3A765687 |
Source: uvbdlqfvw.pif, 00000010.00000003.534687720.00000000048A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exe6BA444D6 |
Source: uvbdlqfvw.pif, 00000019.00000003.564256844.0000000002F91000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If ProcessExists("VMwaretray.exe") Then |
Source: uvbdlqfvw.pif, 00000006.00000003.445620543.000000000345B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwaretray.exeA |
Source: faeupdrjbw.afr.0.dr | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") Then |
Source: uvbdlqfvw.pif, 00000005.00000003.428968439.0000000004431000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") Then79o- |
Source: uvbdlqfvw.pif, 00000006.00000003.472201009.000000000346A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.exe637D6 |
Source: uvbdlqfvw.pif, 00000017.00000002.577839213.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.exe536C7k |
Source: uvbdlqfvw.pif, 0000000A.00000003.484193504.0000000003E9D000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.481069326.0000000003E91000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.488423943.0000000003EB0000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.486092254.0000000003EA0000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.506597786.0000000003EB9000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.487397857.0000000003EAC000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000A.00000003.483217881.0000000003E94000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VBoxTray.exe|u1%# |
Source: uvbdlqfvw.pif, 00000006.00000003.472201009.000000000346A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exec |
Source: uvbdlqfvw.pif, 00000003.00000002.408624142.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exe'~ |
Source: uvbdlqfvw.pif, 00000005.00000003.431697192.000000000443D000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.exe444D62 |
Source: uvbdlqfvw.pif, 0000000E.00000003.522771884.000000000302B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VboxService.exeV |
Source: uvbdlqfvw.pif, 0000000D.00000003.504116609.0000000003AED000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exe$H |
Source: uvbdlqfvw.pif, 0000000E.00000003.513468475.0000000003011000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareUser.exe") Then |
Source: uvbdlqfvw.pif, 00000010.00000003.534687720.00000000048A1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VboxService.exeR |
Source: uvbdlqfvw.pif, 00000019.00000003.564256844.0000000002F91000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareUser.exe") Thenkn |
Source: uvbdlqfvw.pif, 0000000D.00000003.504116609.0000000003AED000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareService.exe536C7d$d |
Source: uvbdlqfvw.pif, 00000019.00000002.577415132.0000000002F90000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exe5FB536C7*^ |
Source: uvbdlqfvw.pif, 00000015.00000003.532638592.0000000000FE1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If DriveSpaceFree("d:\") < 1 And ProcessExists("VMwareService.exe") ThenT4E |
Source: uvbdlqfvw.pif, 0000000A.00000003.483217881.0000000003E94000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMwareUser.exe5FB536C7_v |
Source: uvbdlqfvw.pif, 00000019.00000002.577415132.0000000002F90000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VboxService.exe |
Source: C:\Users\user\Desktop\INV_0893.exe | Code function: 0_2_0113E643 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\INV_0893.exe | Code function: 0_2_0113E4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\INV_0893.exe | Code function: 0_2_0113E7FB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\INV_0893.exe | Code function: 0_2_01147BE1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_0110F170 SetUnhandledExceptionFilter, |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Code function: 3_2_0110A128 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\INV_0893.exe | Process created: C:\Users\user\1_102\uvbdlqfvw.pif "C:\Users\user\1_102\uvbdlqfvw.pif" faeupdrjbw.afr |
Source: C:\Users\user\1_102\uvbdlqfvw.pif | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\1_102\run.vbs" |
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Users\user\1_102\uvbdlqfvw.pif "C:\Users\user\1_102\UVBDLQ~1.PIF" FAEUPD~1.AFR |
Source: INV_0893.exe, 00000000.00000003.335985605.0000000004907000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif.0.dr | Binary or memory string: IDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript PausedblankinfoquestionstopwarningAutoIt - |
Source: uvbdlqfvw.pif, 00000006.00000003.436870784.0000000003441000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000006.00000003.442051689.000000000344D000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000006.00000003.471767396.0000000003467000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Manager |
Source: uvbdlqfvw.pif | Binary or memory string: Shell_TrayWnd |
Source: uvbdlqfvw.pif, 00000003.00000003.393237133.0000000003C51000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.393961109.0000000003C55000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.430843861.0000000004434000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If WinGetText("Program Manager") = "0" Then |
Source: uvbdlqfvw.pif, 00000017.00000002.577839213.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Manager,x |
Source: uvbdlqfvw.pif, 00000017.00000002.577839213.0000000004EF0000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000017.00000003.553072884.0000000004EF1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If WinGetText("Program Manager") = "0" Thenm |
Source: uvbdlqfvw.pif, 00000005.00000003.432760043.0000000004440000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.430843861.0000000004434000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.428968439.0000000004431000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program ManagerL |
Source: faeupdrjbw.afr.0.dr | Binary or memory string: If WinGetText("Program Manager") = "0" Then |
Source: uvbdlqfvw.pif, 00000005.00000003.406326241.0000000004421000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000005.00000003.428968439.0000000004431000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If WinGetText("Program Manager") = "0" Then |
Source: uvbdlqfvw.pif, 00000013.00000003.524003657.0000000003D31000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: If WinGetText("Program Manager") = "0" Theng |
Source: uvbdlqfvw.pif, 0000000C.00000003.509609607.00000000045D0000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000C.00000003.508522641.00000000045CC000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 0000000C.00000003.507327420.00000000045BD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Managerr |
Source: uvbdlqfvw.pif, 00000003.00000000.359780847.0000000001172000.00000002.00000001.01000000.00000007.sdmp, uvbdlqfvw.pif, 00000003.00000002.405404161.0000000001172000.00000002.00000001.01000000.00000007.sdmp | Binary or memory string: ASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript PausedblankinfoquestionstopwarningAutoIt - |
Source: uvbdlqfvw.pif, 00000003.00000003.394404593.0000000003C60000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.401152033.0000000003C74000.00000004.00000800.00020000.00000000.sdmp, uvbdlqfvw.pif, 00000003.00000003.393237133.0000000003C51000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Managermz(t |