Windows Analysis Report
WsiysHggF9.exe

Overview

General Information

Sample Name: WsiysHggF9.exe
Analysis ID: 715159
MD5: 350ea577229a9518d3b9dcd76d109e14
SHA1: b9431df0ca98d1fa3abeefc92d1bd25e4c8b4e22
SHA256: 2c8960c00dfc803bb8175a6833904173b6ff044c7128c24c8de2379b47274c77
Tags: exeRedLineStealer
Infos:

Detection

RedLine
Score: 50
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Generic Downloader
Obfuscated command line found
Tries to detect virtualization through RDTSC time measurements
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Stores files to the Windows start menu directory
Contains functionality to communicate with device drivers
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Entry point lies outside standard sections
Sample file is different than original file name gathered from version info
Allocates memory with a write watch (potentially for evading sandboxes)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
File is packed with WinRar
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: WsiysHggF9.exe ReversingLabs: Detection: 51%
Uses 32bit PE files
Source: WsiysHggF9.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-NL931.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-9T84T.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-0UADG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-P90KL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-NTE5N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-9JHT8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-2SCU5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-CV5R1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7U34J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7F1IJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-EPTFT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-IU3MP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-NKFUD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-5OMUN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-5LJ3G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-JO5BM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-SO45U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-VGNVB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-E63DL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7BF1G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-MVD1T.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-J5UM8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-OF8N5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-DBS3U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7HBD3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-EE795.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-6S7SN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-V5T2O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-9K9M7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-UFU1R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-DEMF3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-JALHN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-19I02.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-GCDE1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-1J0J3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-HKQ8J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-U641C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-KRBVG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-R9F1C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-VMF33.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-NOB4R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-37ABV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-HKD6O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-L050V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-GAK9A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-UR1D7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-3RF3V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-EGO60.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-KJ41F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-AG00V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-8JNDO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-0UDPU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-L0CK2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-TDP90.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-4STCS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-H8I8G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-UJ3RS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-LAIB1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-K3IU2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-32N1E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-0KP7K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-8SGGQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-IOAI2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-K8GOH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-KRBQ3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-6C785.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-5BTDL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-5AL5G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7A0A0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\af Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\af\is-HO62N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ar Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ar\is-T0H9J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\be Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\be\is-M4P44.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bg\is-3UN24.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bn\is-TP6MB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bs\is-2VUIJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ca Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ca\is-6CEK5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ca_ES@valencia Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ca_ES@valencia\is-MT216.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\co Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\co\is-3NQSM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\cs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\cs\is-T6M9E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\cy Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\cy\is-H92PA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\da Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\da\is-L5QPV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\de Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\de\is-52QJJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\el Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\el\is-4K82R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\es Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\es\is-44RRB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\eu Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\eu\is-BBOJ7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\eu_ES Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\eu_ES\is-AMHSN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fa\is-FG87I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fi\is-N6N61.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fr\is-NL67K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ga Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ga\is-T5ETS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\gl Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\gl\is-OKLKC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\he Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\he\is-O5794.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hi\is-SQO61.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hr\is-PHG0Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hu Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hu\is-LCVQ1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hy Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hy\is-U2HOB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\id Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\id\is-3J2H4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\it Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\it\is-E6HJ8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ja Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ja\is-JQCT8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ka Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ka\is-61DBE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\km Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\km\is-7REVL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ko Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ko\is-J5S6V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\lt Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\lt\is-2CVMQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\mk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\mk\is-02VU6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\mr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\mr\is-NDISD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\my Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\my\is-PIIHM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\nb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\nb\is-B1TJE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\nl Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\nl\is-RTSGB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\oc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\oc\is-FI563.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pl Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pl\is-LEVD6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pt_BR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pt_BR\is-IMKJS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pt_PT Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pt_PT\is-CU15K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ro Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ro\is-F0KFG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ru Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ru\is-DR3N6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sk\is-N11CT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sl Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sl\is-4TL5P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sr_RS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sr_RS\is-PRSVB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sr_RS@latin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sr_RS@latin\is-644HF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sv Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sv\is-BSL79.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ta Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ta\is-D76SJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\tg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\tg\is-KRUGD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\tr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\tr\is-SKP1O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\uk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\uk\is-1SRVN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\vi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\vi\is-DG9PQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\zh_CN Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\zh_CN\is-5KIHE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\zh_TW Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\zh_TW\is-1MOHQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-7K270.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-NTKH4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-D9254.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-IL8FC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-UVR1R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-PVUQC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-QSS2A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-CGAC7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-8A690.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-PPVH8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-RHAJM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-HH9U2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-CFM98.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-EVALG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-L09O0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-5GAUM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-NQM3B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-ESFAT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-13T21.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-BQNBQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-V3FC0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-BNLP7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-6R5OG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-RAD77.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-G5GC0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-DQTC5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-MROM6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-2UCMK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-NPI02.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-MMQJF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-P0K9Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-3463Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-E4TOU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-5EL2U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-05MM5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-727SG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-3DJRE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-RT5IA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-20JHV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-HJCIF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-E3H07.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-C2JTA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-O6A7U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-P38RE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-4EKK3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-TBL3M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-ODRMT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-LRPH6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-II6NQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-11997.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-P00HI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-EJHHE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-6KU03.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-LHPLL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-V3UUL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-MD7TV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-KU5LN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-02MKN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-SP0OV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-NO5SG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-SO3LD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-BRLM5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-BD9F7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-G1KMP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-06UFT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-6QFDO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-P1C46.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-77BQK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-853A0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-QVTJ7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-591EJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-MQUPM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-LKBSE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-C5P2B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\modules Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\modules\is-JOTP7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\unins000.msg Jump to behavior
Source: WsiysHggF9.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: WsiysHggF9.exe, 00000000.00000003.245658936.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, WsiysHggF9.exe, 00000000.00000002.303976798.0000000000272000.00000002.00000001.01000000.00000003.sdmp, WsiysHggF9.exe, 00000000.00000003.244701687.00000000052B8000.00000004.00000800.00020000.00000000.sdmp, WsiysHggF9.exe, 00000000.00000000.243769548.0000000000272000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\mpg123\1.29.3\_\_\build\9e1553e6621f02c61665c153436b2dfb785b6498\bin\mpg123.pdb00 source: Audacity.exe, 00000010.00000002.583274055.00007FFCFF249000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\flac\1.3.3\_\_\build\4fab43cea7baf5ca3c7db544507a05b38a68f73e\build\src\libFLAC\RelWithDebInfo\FLAC.pdb11 source: Audacity.exe, 00000010.00000002.580349736.00007FFCFF0A0000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\ogg\1.3.4\_\_\build\ad5261bf6074807e7189c351b0f79b113bf2f6c0\build\RelWithDebInfo\ogg.pdb source: Audacity.exe, 00000010.00000002.576735272.00007FFCFEEB9000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\flac\1.3.3\_\_\build\4fab43cea7baf5ca3c7db544507a05b38a68f73e\build\src\libFLAC++\RelWithDebInfo\FLAC++.pdb!! source: Audacity.exe, 00000010.00000002.583539424.00007FFCFF270000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: _.pdb source: Installation_controller.exe, 00000001.00000003.378455694.000000003FC3A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\audacity\audacity\.build.x64\bin\RelWithDebInfo\modules\mod-script-pipe.pdb source: audacity-win-3.2.0-64bit.tmp, 0000000B.00000002.516640303.0000000000198000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\vorbis\1.3.7\_\_\build\3b26581a680ab99eb0ef725aa935a0289708df91\build\lib\RelWithDebInfo\vorbis.pdb** source: Audacity.exe, 00000010.00000002.578547685.00007FFCFEFAB000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\flac\1.3.3\_\_\build\4fab43cea7baf5ca3c7db544507a05b38a68f73e\build\src\libFLAC\RelWithDebInfo\FLAC.pdb source: Audacity.exe, 00000010.00000002.580349736.00007FFCFF0A0000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\flac\1.3.3\_\_\build\4fab43cea7baf5ca3c7db544507a05b38a68f73e\build\src\libFLAC++\RelWithDebInfo\FLAC++.pdb source: Audacity.exe, 00000010.00000002.583539424.00007FFCFF270000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\vorbis\1.3.7\_\_\build\3b26581a680ab99eb0ef725aa935a0289708df91\build\lib\RelWithDebInfo\vorbis.pdb source: Audacity.exe, 00000010.00000002.578547685.00007FFCFEFAB000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\vorbis\1.3.7\_\_\build\3b26581a680ab99eb0ef725aa935a0289708df91\build\lib\RelWithDebInfo\vorbisenc.pdb source: Audacity.exe, 00000010.00000002.579864349.00007FFCFF065000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\mpg123\1.29.3\_\_\build\9e1553e6621f02c61665c153436b2dfb785b6498\bin\mpg123.pdb source: Audacity.exe, 00000010.00000002.583274055.00007FFCFF249000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\wxwidgets\3.1.3.3-audacity\_\_\build\f80b0ba6cc698a650654b5966db925c8f7197d7d\build_subfolder\bin\wxbase313u_vc_x64_custom.pdb source: Audacity.exe, 00000010.00000002.593483340.00007FFCFF758000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\devel\projects\audacity\audacity\.conan\data\expat\2.2.9\audacity\stable\build\ad5261bf6074807e7189c351b0f79b113bf2f6c0\build_subfolder\bin\libexpat.pdb source: Audacity.exe, 00000010.00000002.585991860.00007FFCFF3A4000.00000002.00000001.01000000.0000001D.sdmp
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024A534 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 0_2_0024A534
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025B820 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, 0_2_0025B820
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0026A928 FindFirstFileExA, 0_2_0026A928

Networking
barindex
Snort IDS alert for network traffic
Source: Traffic Snort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.6:49693 -> 188.34.179.139:10561
Source: Traffic Snort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.6:49693 -> 188.34.179.139:10561
Source: Traffic Snort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 188.34.179.139:10561 -> 192.168.2.6:49693
Yara detected Generic Downloader
Source: Yara match File source: 1.3.Installation_controller.exe.3fc3a610.0.raw.unpack, type: UNPACKEDPE
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://audacity.sourceforge.net/xml/audacityffmpegpreset-1.0.0.dtd
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://audacity.sourceforge.net/xml/audacityproject-1.3.0.dtd
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://audacity.sourceforge.net/xml/xmlnsDELETE
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://audacityteam.org.http://audacityteam.org.http://audacityteam.org
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://audacityteam.org/about/
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.530283625.0000000002273000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://audacityteam.org03
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://belazar.info/belsoft/
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000002.516262389.000000000018C000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000002.516262389.000000000018C000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://drobilla.net/ns/lilv#dyn-manifest
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://drobilla.net/ns/lilv#filter-lang
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://drobilla.net/ns/lilv#lv2-path
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://forum.audacityteam.org/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://kxstudio.sf.net/ns/lv2ext/external-ui#Host
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://kxstudio.sf.net/ns/lv2ext/external-ui#Widget
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lame.sf.net
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lame.sf.net32bits64bits
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lame.sourceforge.net/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lexvo.org/id/iso639-3/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ll-plugins.nongnu.org/lv2/namespace#MathConstantPlugin
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ll-plugins.nongnu.org/lv2/namespace#MathFunctionPlugin
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#AtomPort
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#AtomPorthttp://lv2plug.in/ns/ext/buf-size#maxBlockLengthhttp://lv2plug
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Blank
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Blankhttp://lv2plug.in/ns/ext/atom#Boolhttp://lv2plug.in/ns/ext/atom#C
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Bool
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Chunk
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Double
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Event
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Eventhttp://lv2plug.in/ns/ext/atom#frameTimehttp://lv2plug.in/ns/ext/a
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Float
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Int
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Literal
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Long
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Object
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Path
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Property
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Resource
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Sequence
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#String
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Tuple
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#URI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#URID
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#Vector
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#atomhttp://lv2plug.in/ns/ext/presets#psethttp://lv2plug.in/ns/ext/stat
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#beatTime
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#childType
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#childType%2XFailed
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#eventTransfer
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#frameTime
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/atom#supports
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/buf-size#boundedBlockLength
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/buf-size#fixedBlockLength
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/buf-size#maxBlockLength
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/buf-size#minBlockLength
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/buf-size#nominalBlockLength
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/buf-size#sequenceSize
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/data-access
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/dynmanifest#DynManifest
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/event#supportsEvent
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/event#supportsEventlilv_port_get_valuelilv_port_get_name%s():
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/instance-access
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/log#Error
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/log#Note
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/log#Trace
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/log#Warning
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/log#log
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/midi#MidiEvent
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/options#interface
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/options#interfacehttp://lv2plug.in/ns/ext/state#interfaceCouldn
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/options#options
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/options#optionsLV2InstanceFeaturesList::CheckOptionsD:
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/options#requiredOption
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/options#supportedOption
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/parameters#sampleRate
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/port-groups#group
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/port-props#causesArtifacts
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/port-props#expensive
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/port-props#logarithmic
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/port-props#notAutomatic
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/port-props#notOnGUI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/port-props#rangeSteps
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/port-props#trigger
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/presets#
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/presets#Preset
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/presets#value
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/resize-port#minimumSize
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/state#
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/state#interface
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/state#makePath
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/state#mapPath
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/state#mapPathhttp://lv2plug.in/ns/ext/state#makePathlilv_state_new_from_ins
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/state#state
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/state#statelilv_state_new_from_world%s():
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/time#Position
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/time#frame
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/time#speed
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/uri-map
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/urid#map
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/urid#unmap
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/worker#interface
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/ext/worker#schedule
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#CocoaUI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#Gtk3UI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#GtkUI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#Qt4UI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#Qt4UIhttp://lv2plug.in/ns/extensions/ui#Qt5UIhttp://lv2plug.in/ns
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#Qt5UI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#WindowsUI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#WindowsUIhttp://lv2plug.in/ns/extensions/ui#showInterface&Duratio
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#X11UI
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#binary
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#external
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#fixedSize
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#idleInterface
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#makeResident
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#noUserResize
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#noUserResizehttp://lv2plug.in/ns/extensions/ui#fixedSizehttp://lv
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#parent
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#portMap
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#portMaphttp://lv2plug.in/ns/extensions/ui#portSubscribehttp://lv2
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#portSubscribe
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#resize
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#resizehttp://lv2plug.in/ns/ext/data-accesshttp://kxstudio.sf.net/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#showInterface
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#touch
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/ui#ui
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/extensions/units#unit
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#AudioPort
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#CVPort
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#ControlPort
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#InputPort
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#InstrumentPlugin
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#MIDIPlugin
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#OutputPort
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#Plugin
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#Specification
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#appliesTo
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#binary
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#control
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#default
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#designation
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#enumeration
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#extensionData
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#index
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#integer
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#latency
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#maximum
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#microVersion
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#minimum
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#minorVersion
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#name
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#optionalFeature
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#port
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#portProperty
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#project
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#projecthttp://usefulinc.com/ns/doap#maintainerhttp://xmlns.com/foaf/0.1
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#prototype
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#reportsLatency
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#requiredFeature
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#sampleRate
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#scalePoint
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#scalePointLANGPOSIXlilv_get_lang%s():
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#symbol
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://lv2plug.in/ns/lv2core#toggled
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://manual.audacityteam.org/o/man/faq_about_audacity.html#free
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000002.516262389.000000000018C000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0X
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.sectigo.com0
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://sbsms.sourceforge.net/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://usefulinc.com/ns/doap#
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://usefulinc.com/ns/doap#doaphttp://xmlns.com/foaf/0.1/foafhttp://lv2plug.in/ns/lv2core#lv2http:
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://usefulinc.com/ns/doap#maintainer
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://usefulinc.com/ns/doap#name
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://wiki.audacityteam.org/
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.dk-soft.org/
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.gnu.org/licenses/licenses.html
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.haysoft.org%1-k
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.mega-nerd.com/libsndfile/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.portaudio.com/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.portmedia.sourceforge.net/portmidi/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.twolame.org
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.twolame.org/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.vamp-plugins.org/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://xmlns.com/foaf/0.1/
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://xmlns.com/foaf/0.1/homepage
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://xmlns.com/foaf/0.1/mbox
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://xmlns.com/foaf/0.1/name
Source: Audacity.exe, 00000010.00000002.544979137.000001241D121000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://audacityteam.org/3.2.0-video
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://audacityteam.org/errors
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://audacityteam.org/errorshereWould
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://audio.com
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://audio.com/%s/%s
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://audio.com/%s/%sWe
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://audio.comaudio.com%%&Unlink
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000002.530240715.0000000000A81000.00000004.00000020.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://creativecommons.org/licenses/by/3.0/legalcode
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000002.530240715.0000000000A81000.00000004.00000020.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.gg/N3XKxzTrq3
Source: Audacity.exe, 00000010.00000002.544979137.000001241D121000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://forum.audacityteam.org/
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://forum.audacityteam.org/.
Source: Audacity.exe, 00000010.00000002.537474178.000001241C94E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://forum.audacityteam.org/dWh//
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forum.audacityteam.org/viewforum.php?f=19
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://forum.audacityteam.org/viewforum.php?f=25
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://github.com/audacity/audacity/commit/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://github.com/audacity/audacity/commit/Commit
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/audacity/audacity/pulls
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://github.com/audacity/audacity/releases
Source: WsiysHggF9.exe, 00000000.00000003.251361915.0000000007204000.00000004.00000800.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000000.294843187.0000000000401000.00000020.00000001.01000000.00000007.sdmp String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://libexpat.github.io/
Source: Audacity.exe, 00000010.00000002.544979137.000001241D121000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://manual.audacityteam.org/
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://manual.audacityteam.org/man/faq_opening_and_saving_files.html#foreign
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://manual.audacityteam.org/man/faq_opening_and_saving_files.html#fromcd
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://manual.audacityteam.org/man/playing_and_recording.html#midi
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://manual.audacityteam.org/man/unzipping_the_manual.html
Source: Audacity.exe, 00000010.00000002.544979137.000001241D121000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://manual.audacityteam.org/quick_help.html
Source: Audacity.exe, 00000010.00000002.544110808.000001241D08B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://manual.audacityteam.org/quick_help.htmlQ
Source: Audacity.exe, 00000010.00000002.544979137.000001241D121000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://manual.audacityteam.org/view
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://plugins.audacityteam.org/
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://plugins.audacityteam.org/No
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://quick_helphttp%..
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.329484659.00000000025AA000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.336259617.000000007FE76000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sectigo.com/CPS0
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp, Audacity.exe, 00000010.00000002.574237066.00007FF60E49E000.00000004.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sentry.audacityteam.org/api/2/minidump/?sentry_key=37e6948db02f43ac856bf7edcbe9731d
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sentry.audacityteam.org/api/2/minidump/?sentry_key=37e6948db02f43ac856bf7edcbe9731dversionse
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sourceforge.net/p/portmedia/wiki/portsmf/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sourceforge.net/p/soxr/wiki/Home/
Source: Audacity.exe, 00000010.00000002.537474178.000001241C94E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://updates.audacityteam.org/feed/latest.xml
Source: Audacity.exe, 00000010.00000002.544979137.000001241D121000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wiki.audacityteam.org/index.php
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://wiki.audacityteam.org/wiki/EQCurvesDownloadEQBackup.xml
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://wiki.audacityteam.org/wiki/User:Galeandrews
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.org
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.org/
Source: Audacity.exe, 00000010.00000002.539185569.000001241CA8C000.00000004.00000001.00020000.00000000.sdmp, Audacity.exe, 00000010.00000002.532462677.000001241A7A0000.00000002.00000001.00040000.00000000.sdmp, Audacity.exe, 00000010.00000002.537474178.000001241C94E000.00000004.00000001.00020000.00000000.sdmp, Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.org/about/desktop-privacy-notice/
Source: Audacity.exe, 00000010.00000002.537474178.000001241C94E000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.audacityteam.org/about/desktop-privacy-notice/iant;Z/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.org/about/desktop-privacy-notice/our
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.org/download/?(argtype
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.audacityteam.org/download/source
Source: Audacity.exe, 00000010.00000002.537474178.000001241C94E000.00000004.00000001.00020000.00000000.sdmp, Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.org/realtime-video
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.org/realtime-videoWatch
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.org/wiki/index.php?title=file:
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.audacityteam.orgDon
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.cs.cmu.edu/~music/nyquist/
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.gnu.org/licenses/gpl-3.0.en.html
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000002.517966675.0000000002150000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.303356414.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000002.530240715.0000000000A81000.00000004.00000020.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000003.344545902.00000000035A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.327687716.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.330943901.000000007FB80000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000000.337507251.0000000000401000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.innosetup.com/
Source: audacity-win-3.2.0-64bit.exe, 0000000A.00000003.327687716.00000000024B0000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.exe, 0000000A.00000003.330943901.000000007FB80000.00000004.00001000.00020000.00000000.sdmp, audacity-win-3.2.0-64bit.tmp, 0000000B.00000000.337507251.0000000000401000.00000020.00000001.01000000.00000008.sdmp String found in binary or memory: https://www.remobjects.com/ps
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.surina.net/soundtouch/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.underbit.com/products/mad/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://wxwidgets.org/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://xiph.org/flac/
Source: Audacity.exe, 00000010.00000000.506712370.00007FF60DF0E000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://xiph.org/vorbis/
Source: unknown DNS traffic detected: queries for: updates.audacityteam.org

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 1.3.Installation_controller.exe.3fc3a610.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 1.3.Installation_controller.exe.3fc3a610.0.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Source: 1.3.Installation_controller.exe.3fc3a610.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
Source: 1.3.Installation_controller.exe.3fc3a610.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects zgRAT Author: ditekSHen
Uses 32bit PE files
Source: WsiysHggF9.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 1.3.Installation_controller.exe.3fc3a610.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 1.3.Installation_controller.exe.3fc3a610.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 1.3.Installation_controller.exe.3fc3a610.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
Source: 1.3.Installation_controller.exe.3fc3a610.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Detected potential crypto function
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00248525 0_2_00248525
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_002565B6 0_2_002565B6
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025702F 0_2_0025702F
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024404E 0_2_0024404E
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00260146 0_2_00260146
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024E1E0 0_2_0024E1E0
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024326D 0_2_0024326D
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0026457A 0_2_0026457A
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0026055E 0_2_0026055E
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00253731 0_2_00253731
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_002647A9 0_2_002647A9
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024E7E0 0_2_0024E7E0
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_002427D4 0_2_002427D4
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024F8A8 0_2_0024F8A8
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_002539AC 0_2_002539AC
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00260993 0_2_00260993
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_002569EB 0_2_002569EB
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0026CA20 0_2_0026CA20
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00255BE7 0_2_00255BE7
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025FC4A 0_2_0025FC4A
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024EC54 0_2_0024EC54
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00253CDD 0_2_00253CDD
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024BD53 0_2_0024BD53
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024DDAC 0_2_0024DDAC
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00260DC8 0_2_00260DC8
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0026CECE 0_2_0026CECE
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00245F0C 0_2_00245F0C
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00270FD4 0_2_00270FD4
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: String function: 0025EB60 appears 31 times
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: String function: 0025E1C0 appears 52 times
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: String function: 0025E0E4 appears 35 times
Contains functionality to communicate with device drivers
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00247165: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, 0_2_00247165
PE file contains executable resources (Code or Archives)
Source: audacity-win-3.2.0-64bit.tmp.10.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-NL931.tmp.11.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Sample file is different than original file name gathered from version info
Source: WsiysHggF9.exe, 00000000.00000003.259542463.00000000086D6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePilferages.exe4 vs WsiysHggF9.exe
Tries to load missing DLLs
Source: C:\Users\user\Desktop\WsiysHggF9.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Section loaded: dxgidebug.dll Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Section loaded: msvcr120_clr0400.dll Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Section loaded: wldp.dll Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Section loaded: msvcp120_clr0400.dll Jump to behavior
Source: WsiysHggF9.exe ReversingLabs: Detection: 51%
Source: C:\Users\user\Desktop\WsiysHggF9.exe File read: C:\Users\user\Desktop\WsiysHggF9.exe Jump to behavior
Source: WsiysHggF9.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\WsiysHggF9.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\WsiysHggF9.exe C:\Users\user\Desktop\WsiysHggF9.exe
Source: C:\Users\user\Desktop\WsiysHggF9.exe Process created: C:\ProgramData\Installation_controller.exe "C:\ProgramData\Installation_controller.exe"
Source: C:\Users\user\Desktop\WsiysHggF9.exe Process created: C:\ProgramData\audacity-win-3.2.0-64bit.exe "C:\ProgramData\audacity-win-3.2.0-64bit.exe"
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe Process created: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp "C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp" /SL5="$5040E,13178964,955904,C:\ProgramData\audacity-win-3.2.0-64bit.exe"
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process created: C:\Users\user\AppData\Local\Temp\is-GK43T.tmp\_isetup\_setup64.tmp helper 105 0x420
Source: C:\Users\user\AppData\Local\Temp\is-GK43T.tmp\_isetup\_setup64.tmp Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process created: C:\Program Files\Audacity\Audacity.exe C:\Program Files\Audacity\audacity.exe
Source: C:\Users\user\Desktop\WsiysHggF9.exe Process created: C:\ProgramData\Installation_controller.exe "C:\ProgramData\Installation_controller.exe" Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Process created: C:\ProgramData\audacity-win-3.2.0-64bit.exe "C:\ProgramData\audacity-win-3.2.0-64bit.exe" Jump to behavior
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe Process created: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp "C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp" /SL5="$5040E,13178964,955904,C:\ProgramData\audacity-win-3.2.0-64bit.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process created: C:\Users\user\AppData\Local\Temp\is-GK43T.tmp\_isetup\_setup64.tmp helper 105 0x420 Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32 Jump to behavior
Source: Audacity.lnk.11.dr LNK file: ..\..\..\..\..\Program Files\Audacity\Audacity.exe
Source: Audacity.lnk0.11.dr LNK file: ..\..\..\Program Files\Audacity\Audacity.exe
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe File created: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp Jump to behavior
Source: classification engine Classification label: mal50.troj.evad.winEXE@11/410@1/0
Source: C:\Users\user\Desktop\WsiysHggF9.exe File read: C:\Windows\win.ini Jump to behavior
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT blockid FROM sampleblocks;
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT summary64k FROM sampleblocks WHERE blockid = ?1;
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT ROWID FROM main.project WHERE id = 1;
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT ROWID FROM main.autosave WHERE id = 1;
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT samples FROM sampleblocks WHERE blockid = ?1;
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT COUNT(1) FROM main.project;
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT Count(*) FROM project;
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT Count(*) FROM sqlite_master WHERE type='table';
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT sampleformat, summin, summax, sumrms, length(samples) FROM sampleblocks WHERE blockid = ?1;
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: INSERT INTO sampleblocks (sampleformat, summin, summax, sumrms, summary256, summary64k, samples) VALUES(?1,?2,?3,?4,?5,?6,?7);
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: INSERT INTO %s.%s(id, dict, doc) VALUES(1, ?1, ?2) ON CONFLICT(id) DO UPDATE SET dict = ?1, doc = ?2;
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT ROWID FROM %s.%s WHERE id = 1;
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT Count(*) FROM sampleblocks;
Source: Audacity.exe, 00000010.00000002.571189245.00007FF60DFE2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: INSERT INTO outbound.sampleblocks SELECT * FROM main.sampleblocks WHERE blockid = ?;
Source: Audacity.exe, 00000010.00000002.571515772.00007FF60E079000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT summary256 FROM sampleblocks WHERE blockid = ?1;
Source: Audacity.exe, 00000010.00000000.507856498.00007FF60DF90000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: SELECT 1 FROM project LIMIT 1;
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00246E5E GetLastError,FormatMessageW, 0_2_00246E5E
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3792:120:WilError_01
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00259D9A FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, 0_2_00259D9A
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Command line argument: q( 0_2_0025D42A
Source: C:\Users\user\Desktop\WsiysHggF9.exe Command line argument: sfxname 0_2_0025D42A
Source: C:\Users\user\Desktop\WsiysHggF9.exe Command line argument: sfxstime 0_2_0025D42A
Source: C:\Users\user\Desktop\WsiysHggF9.exe Command line argument: STARTDLG 0_2_0025D42A
Source: C:\Users\user\Desktop\WsiysHggF9.exe Command line argument: pZ) 0_2_0025D42A
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File written: C:\Program Files\Audacity\FirstTime.ini Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Window found: window name: TSelectLanguageForm Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Automated click: Next
Source: C:\Program Files\Audacity\Audacity.exe Automated click: OK
Source: C:\Program Files\Audacity\Audacity.exe Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1 Jump to behavior
Source: WsiysHggF9.exe Static file information: File size 21526435 > 1048576
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\unins000.dat Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-NL931.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-9T84T.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-0UADG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-P90KL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-NTE5N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-9JHT8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-2SCU5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-CV5R1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7U34J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7F1IJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-EPTFT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-IU3MP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-NKFUD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-5OMUN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-5LJ3G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-JO5BM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-SO45U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-VGNVB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-E63DL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7BF1G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-MVD1T.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-J5UM8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-OF8N5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-DBS3U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7HBD3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-EE795.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-6S7SN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-V5T2O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-9K9M7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-UFU1R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-DEMF3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-JALHN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-19I02.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-GCDE1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-1J0J3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-HKQ8J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-U641C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-KRBVG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-R9F1C.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-VMF33.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-NOB4R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-37ABV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-HKD6O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-L050V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-GAK9A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-UR1D7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-3RF3V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-EGO60.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-KJ41F.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-AG00V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-8JNDO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-0UDPU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-L0CK2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-TDP90.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-4STCS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-H8I8G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-UJ3RS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-LAIB1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-K3IU2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-32N1E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-0KP7K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-8SGGQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-IOAI2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-K8GOH.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-KRBQ3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-6C785.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-5BTDL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-5AL5G.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\is-7A0A0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\af Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\af\is-HO62N.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ar Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ar\is-T0H9J.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\be Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\be\is-M4P44.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bg\is-3UN24.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bn\is-TP6MB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\bs\is-2VUIJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ca Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ca\is-6CEK5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ca_ES@valencia Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ca_ES@valencia\is-MT216.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\co Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\co\is-3NQSM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\cs Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\cs\is-T6M9E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\cy Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\cy\is-H92PA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\da Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\da\is-L5QPV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\de Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\de\is-52QJJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\el Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\el\is-4K82R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\es Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\es\is-44RRB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\eu Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\eu\is-BBOJ7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\eu_ES Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\eu_ES\is-AMHSN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fa\is-FG87I.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fi\is-N6N61.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\fr\is-NL67K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ga Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ga\is-T5ETS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\gl Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\gl\is-OKLKC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\he Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\he\is-O5794.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hi\is-SQO61.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hr\is-PHG0Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hu Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hu\is-LCVQ1.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hy Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\hy\is-U2HOB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\id Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\id\is-3J2H4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\it Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\it\is-E6HJ8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ja Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ja\is-JQCT8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ka Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ka\is-61DBE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\km Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\km\is-7REVL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ko Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ko\is-J5S6V.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\lt Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\lt\is-2CVMQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\mk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\mk\is-02VU6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\mr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\mr\is-NDISD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\my Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\my\is-PIIHM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\nb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\nb\is-B1TJE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\nl Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\nl\is-RTSGB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\oc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\oc\is-FI563.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pl Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pl\is-LEVD6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pt_BR Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pt_BR\is-IMKJS.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pt_PT Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\pt_PT\is-CU15K.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ro Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ro\is-F0KFG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ru Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ru\is-DR3N6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sk\is-N11CT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sl Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sl\is-4TL5P.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sr_RS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sr_RS\is-PRSVB.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sr_RS@latin Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sr_RS@latin\is-644HF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sv Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\sv\is-BSL79.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ta Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\ta\is-D76SJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\tg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\tg\is-KRUGD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\tr Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\tr\is-SKP1O.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\uk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\uk\is-1SRVN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\vi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\vi\is-DG9PQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\zh_CN Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\zh_CN\is-5KIHE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\zh_TW Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Languages\zh_TW\is-1MOHQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-7K270.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-NTKH4.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-D9254.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-IL8FC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-UVR1R.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-PVUQC.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-QSS2A.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-CGAC7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-8A690.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-PPVH8.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-RHAJM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-HH9U2.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-CFM98.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-EVALG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-L09O0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-5GAUM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-NQM3B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-ESFAT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-13T21.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-BQNBQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-V3FC0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-BNLP7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-6R5OG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-RAD77.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-G5GC0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-DQTC5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-MROM6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-2UCMK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-NPI02.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\is-MMQJF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-P0K9Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-3463Q.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-E4TOU.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-5EL2U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-05MM5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-727SG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-3DJRE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-RT5IA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-20JHV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-HJCIF.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-E3H07.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-C2JTA.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-O6A7U.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-P38RE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Nyquist\rawwaves\is-4EKK3.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-TBL3M.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-ODRMT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-LRPH6.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-II6NQ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-11997.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-P00HI.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-EJHHE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-6KU03.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-LHPLL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-V3UUL.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-MD7TV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-KU5LN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-02MKN.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-SP0OV.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-NO5SG.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-SO3LD.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-BRLM5.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-BD9F7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-G1KMP.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-06UFT.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-6QFDO.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-P1C46.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-77BQK.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-853A0.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-QVTJ7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-591EJ.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-MQUPM.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-LKBSE.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\Plug-Ins\is-C5P2B.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\modules Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\modules\is-JOTP7.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Directory created: C:\Program Files\Audacity\unins000.msg Jump to behavior
Source: WsiysHggF9.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: WsiysHggF9.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: WsiysHggF9.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: WsiysHggF9.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: WsiysHggF9.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: WsiysHggF9.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: WsiysHggF9.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: WsiysHggF9.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: WsiysHggF9.exe, 00000000.00000003.245658936.00000000052DC000.00000004.00000800.00020000.00000000.sdmp, WsiysHggF9.exe, 00000000.00000002.303976798.0000000000272000.00000002.00000001.01000000.00000003.sdmp, WsiysHggF9.exe, 00000000.00000003.244701687.00000000052B8000.00000004.00000800.00020000.00000000.sdmp, WsiysHggF9.exe, 00000000.00000000.243769548.0000000000272000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\mpg123\1.29.3\_\_\build\9e1553e6621f02c61665c153436b2dfb785b6498\bin\mpg123.pdb00 source: Audacity.exe, 00000010.00000002.583274055.00007FFCFF249000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\flac\1.3.3\_\_\build\4fab43cea7baf5ca3c7db544507a05b38a68f73e\build\src\libFLAC\RelWithDebInfo\FLAC.pdb11 source: Audacity.exe, 00000010.00000002.580349736.00007FFCFF0A0000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\ogg\1.3.4\_\_\build\ad5261bf6074807e7189c351b0f79b113bf2f6c0\build\RelWithDebInfo\ogg.pdb source: Audacity.exe, 00000010.00000002.576735272.00007FFCFEEB9000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\flac\1.3.3\_\_\build\4fab43cea7baf5ca3c7db544507a05b38a68f73e\build\src\libFLAC++\RelWithDebInfo\FLAC++.pdb!! source: Audacity.exe, 00000010.00000002.583539424.00007FFCFF270000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: _.pdb source: Installation_controller.exe, 00000001.00000003.378455694.000000003FC3A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\audacity\audacity\.build.x64\bin\RelWithDebInfo\modules\mod-script-pipe.pdb source: audacity-win-3.2.0-64bit.tmp, 0000000B.00000002.516640303.0000000000198000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\vorbis\1.3.7\_\_\build\3b26581a680ab99eb0ef725aa935a0289708df91\build\lib\RelWithDebInfo\vorbis.pdb** source: Audacity.exe, 00000010.00000002.578547685.00007FFCFEFAB000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\flac\1.3.3\_\_\build\4fab43cea7baf5ca3c7db544507a05b38a68f73e\build\src\libFLAC\RelWithDebInfo\FLAC.pdb source: Audacity.exe, 00000010.00000002.580349736.00007FFCFF0A0000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\flac\1.3.3\_\_\build\4fab43cea7baf5ca3c7db544507a05b38a68f73e\build\src\libFLAC++\RelWithDebInfo\FLAC++.pdb source: Audacity.exe, 00000010.00000002.583539424.00007FFCFF270000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\vorbis\1.3.7\_\_\build\3b26581a680ab99eb0ef725aa935a0289708df91\build\lib\RelWithDebInfo\vorbis.pdb source: Audacity.exe, 00000010.00000002.578547685.00007FFCFEFAB000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\vorbis\1.3.7\_\_\build\3b26581a680ab99eb0ef725aa935a0289708df91\build\lib\RelWithDebInfo\vorbisenc.pdb source: Audacity.exe, 00000010.00000002.579864349.00007FFCFF065000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\mpg123\1.29.3\_\_\build\9e1553e6621f02c61665c153436b2dfb785b6498\bin\mpg123.pdb source: Audacity.exe, 00000010.00000002.583274055.00007FFCFF249000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: D:\a\audacity\audacity\.conan\data\wxwidgets\3.1.3.3-audacity\_\_\build\f80b0ba6cc698a650654b5966db925c8f7197d7d\build_subfolder\bin\wxbase313u_vc_x64_custom.pdb source: Audacity.exe, 00000010.00000002.593483340.00007FFCFF758000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\devel\projects\audacity\audacity\.conan\data\expat\2.2.9\audacity\stable\build\ad5261bf6074807e7189c351b0f79b113bf2f6c0\build_subfolder\bin\libexpat.pdb source: Audacity.exe, 00000010.00000002.585991860.00007FFCFF3A4000.00000002.00000001.01000000.0000001D.sdmp
Source: WsiysHggF9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: WsiysHggF9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: WsiysHggF9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: WsiysHggF9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: WsiysHggF9.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation
barindex
Obfuscated command line found
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe Process created: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp "C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp" /SL5="$5040E,13178964,955904,C:\ProgramData\audacity-win-3.2.0-64bit.exe"
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe Process created: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp "C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp" /SL5="$5040E,13178964,955904,C:\ProgramData\audacity-win-3.2.0-64bit.exe" Jump to behavior
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025E0E4 push eax; ret 0_2_0025E102
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025EBA6 push ecx; ret 0_2_0025EBB9
PE file contains sections with non-standard names
Source: WsiysHggF9.exe Static PE information: section name: .didat
Source: audacity-win-3.2.0-64bit.exe.0.dr Static PE information: section name: .didata
Source: Installation_controller.exe.0.dr Static PE information: section name: .alcjdaw
Source: Installation_controller.exe.0.dr Static PE information: section name: .alcjdaw
Source: audacity-win-3.2.0-64bit.tmp.10.dr Static PE information: section name: .didata
Source: is-CV5R1.tmp.11.dr Static PE information: section name: .00cfg
Source: is-7U34J.tmp.11.dr Static PE information: section name: .00cfg
Source: is-7F1IJ.tmp.11.dr Static PE information: section name: .00cfg
Source: is-EPTFT.tmp.11.dr Static PE information: section name: .00cfg
Source: is-IU3MP.tmp.11.dr Static PE information: section name: .00cfg
Source: is-NKFUD.tmp.11.dr Static PE information: section name: .00cfg
Source: is-5OMUN.tmp.11.dr Static PE information: section name: .00cfg
Source: is-5LJ3G.tmp.11.dr Static PE information: section name: .00cfg
Source: is-NL931.tmp.11.dr Static PE information: section name: .didata
Source: is-NTE5N.tmp.11.dr Static PE information: section name: .00cfg
Source: is-NTE5N.tmp.11.dr Static PE information: section name: _RDATA
Source: is-9JHT8.tmp.11.dr Static PE information: section name: .00cfg
Source: is-JO5BM.tmp.11.dr Static PE information: section name: .00cfg
Source: is-SO45U.tmp.11.dr Static PE information: section name: .00cfg
Source: is-VGNVB.tmp.11.dr Static PE information: section name: .00cfg
Source: is-E63DL.tmp.11.dr Static PE information: section name: .00cfg
Source: is-7BF1G.tmp.11.dr Static PE information: section name: .00cfg
Source: is-MVD1T.tmp.11.dr Static PE information: section name: .00cfg
Source: is-J5UM8.tmp.11.dr Static PE information: section name: .00cfg
Source: is-OF8N5.tmp.11.dr Static PE information: section name: .00cfg
Source: is-DBS3U.tmp.11.dr Static PE information: section name: .00cfg
Source: is-7HBD3.tmp.11.dr Static PE information: section name: .00cfg
Source: is-EE795.tmp.11.dr Static PE information: section name: .00cfg
Source: is-6S7SN.tmp.11.dr Static PE information: section name: .00cfg
Source: is-V5T2O.tmp.11.dr Static PE information: section name: .00cfg
Source: is-9K9M7.tmp.11.dr Static PE information: section name: .00cfg
Source: is-UFU1R.tmp.11.dr Static PE information: section name: .00cfg
Source: is-DEMF3.tmp.11.dr Static PE information: section name: .00cfg
Source: is-JALHN.tmp.11.dr Static PE information: section name: .00cfg
Source: is-19I02.tmp.11.dr Static PE information: section name: .00cfg
Source: is-GCDE1.tmp.11.dr Static PE information: section name: .00cfg
Source: is-1J0J3.tmp.11.dr Static PE information: section name: .00cfg
Source: is-HKQ8J.tmp.11.dr Static PE information: section name: .00cfg
Source: is-U641C.tmp.11.dr Static PE information: section name: .00cfg
Source: is-KRBVG.tmp.11.dr Static PE information: section name: .00cfg
Source: is-R9F1C.tmp.11.dr Static PE information: section name: .00cfg
Source: is-VMF33.tmp.11.dr Static PE information: section name: .00cfg
Source: is-NOB4R.tmp.11.dr Static PE information: section name: .00cfg
Source: is-37ABV.tmp.11.dr Static PE information: section name: .00cfg
Source: is-HKD6O.tmp.11.dr Static PE information: section name: .00cfg
Source: is-L050V.tmp.11.dr Static PE information: section name: .00cfg
Source: is-GAK9A.tmp.11.dr Static PE information: section name: .rodata
Source: is-GAK9A.tmp.11.dr Static PE information: section name: .00cfg
Source: is-8JNDO.tmp.11.dr Static PE information: section name: .00cfg
Source: is-0UDPU.tmp.11.dr Static PE information: section name: .00cfg
Source: is-L0CK2.tmp.11.dr Static PE information: section name: .00cfg
Source: is-TDP90.tmp.11.dr Static PE information: section name: .00cfg
Source: is-4STCS.tmp.11.dr Static PE information: section name: .00cfg
Source: is-H8I8G.tmp.11.dr Static PE information: section name: _RDATA
Source: is-LAIB1.tmp.11.dr Static PE information: section name: .00cfg
Source: is-K3IU2.tmp.11.dr Static PE information: section name: .00cfg
Source: is-32N1E.tmp.11.dr Static PE information: section name: .00cfg
Source: is-0KP7K.tmp.11.dr Static PE information: section name: asmcode
Source: is-0KP7K.tmp.11.dr Static PE information: section name: .00cfg
Source: is-8SGGQ.tmp.11.dr Static PE information: section name: .00cfg
Source: is-IOAI2.tmp.11.dr Static PE information: section name: .00cfg
Source: is-K8GOH.tmp.11.dr Static PE information: section name: .00cfg
Source: is-KRBQ3.tmp.11.dr Static PE information: section name: minATL
Source: is-KRBQ3.tmp.11.dr Static PE information: section name: .00cfg
Source: is-6C785.tmp.11.dr Static PE information: section name: .00cfg
Source: is-5BTDL.tmp.11.dr Static PE information: section name: .00cfg
Source: is-5AL5G.tmp.11.dr Static PE information: section name: .00cfg
Source: is-JOTP7.tmp.11.dr Static PE information: section name: .00cfg
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .alcjdaw
File is packed with WinRar
Source: C:\Users\user\Desktop\WsiysHggF9.exe File created: C:\ProgramData\__tmp_rar_sfx_access_check_6416453 Jump to behavior
Binary contains a suspicious time stamp
Source: is-2SCU5.tmp.11.dr Static PE information: 0x6E8BFE97 [Mon Oct 9 01:40:39 2028 UTC]
Drops PE files to the application program directory (C:\ProgramData)
Source: C:\Users\user\Desktop\WsiysHggF9.exe File created: C:\ProgramData\audacity-win-3.2.0-64bit.exe Jump to dropped file
Source: C:\Users\user\Desktop\WsiysHggF9.exe File created: C:\ProgramData\Installation_controller.exe Jump to dropped file
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-7F1IJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\msvcp140_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\FLAC.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-sentry-reporting.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-KJ41F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-UJ3RS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-TDP90.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-theme-resources.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\zlib1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\sndfile.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-HKD6O.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-transactions.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-EGO60.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-UR1D7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\ogg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-screen-geometry.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\WsiysHggF9.exe File created: C:\ProgramData\audacity-win-3.2.0-64bit.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-37ABV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-5LJ3G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\portaudio_x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-preferences.dll (copy) Jump to dropped file
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe File created: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\msvcp140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-K8GOH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-NOB4R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-0KP7K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-audio-graph.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-exceptions.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-basic-ui.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-files.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\libexpat.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-5BTDL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-SO45U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\wavpackdll.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-IU3MP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\modules\is-JOTP7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-theme.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\vorbisenc.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\msvcp140_codecvt_ids.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-cloud-audiocom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Users\user\AppData\Local\Temp\is-GK43T.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-2SCU5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-graphics.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\libcurl.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-GAK9A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-EPTFT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\crashreporter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-audio-devices.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-project-rate.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-sample-track.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-L050V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-module-manager.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-L0CK2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-V5T2O.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\portmidi.dll (copy) Jump to dropped file
Source: C:\Users\user\Desktop\WsiysHggF9.exe File created: C:\ProgramData\Installation_controller.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-9K9M7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-DEMF3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-UFU1R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-5AL5G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\opus.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\vcruntime140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-E63DL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-JALHN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-project.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\modules\mod-script-pipe.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-DBS3U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-uuid.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-J5UM8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-ffmpeg-support.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\wxmsw313u_aui_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-6C785.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-AG00V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-9JHT8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-K3IU2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-LAIB1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-string-utils.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\Audacity.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-4STCS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-R9F1C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-registries.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-VGNVB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-OF8N5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\vcruntime140_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\wxmsw313u_html_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\wxmsw313u_qa_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-NTE5N.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-EE795.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\wxbase313u_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\mpg123.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-xml.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\wxmsw313u_core_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-VMF33.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-JO5BM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-6S7SN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\vorbisfile.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-track.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-H8I8G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-8SGGQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\vorbis.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-ipc.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-KRBVG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-U641C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-MVD1T.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-8JNDO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-utility.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\FLAC++.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-CV5R1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\msvcp140_atomic_wait.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-7U34J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\mod-script-pipe.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-7HBD3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-math.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-url-schemes.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-5OMUN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-3RF3V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-IOAI2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-components.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-KRBQ3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-network-manager.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\wxbase313u_xml_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-NKFUD.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-NL931.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-19I02.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-32N1E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-cloud-upload.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-project-history.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\msvcp140_2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-7BF1G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\lib-strings.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-1J0J3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-HKQ8J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-0UDPU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\is-GCDE1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\Program Files\Audacity\concrt140.dll (copy) Jump to dropped file
Stores files to the Windows start menu directory
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FA20005 value: E9 CB 98 37 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D998D0 value: E9 3A 67 C8 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FA30005 value: E9 4B 9A 36 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99A50 value: E9 BA 65 C9 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FA40005 value: E9 2B 98 35 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99830 value: E9 DA 67 CA C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FA70005 value: E9 3B 95 32 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99540 value: E9 CA 6A CD C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FB60005 value: E9 EB 95 23 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D995F0 value: E9 1A 6A DC C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FB70005 value: E9 8B 99 22 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99990 value: E9 7A 66 DD C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FB80005 value: E9 6B 97 21 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99770 value: E9 9A 68 DE C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FB90005 value: E9 4B 98 20 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99850 value: E9 BA 67 DF C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FBA0005 value: E9 9B 99 1F 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D999A0 value: E9 6A 66 E0 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FBB0005 value: E9 0B 9A 1E 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99A10 value: E9 FA 65 E1 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FBC0005 value: E9 7B 97 1D 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99780 value: E9 8A 68 E2 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FBD0005 value: E9 9B 97 1C 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D997A0 value: E9 6A 68 E3 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FCE0005 value: E9 2B 97 0B 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99730 value: E9 DA 68 F4 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FCF0005 value: E9 FB 99 0A 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D99A00 value: E9 0A 66 F5 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FD00005 value: E9 CB 95 09 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D995D0 value: E9 3A 6A F6 C7 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 3FD10005 value: E9 DB 95 08 38 Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory written: PID: 6064 base: 77D995E0 value: E9 2A 6A F7 C7 Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\ProgramData\audacity-win-3.2.0-64bit.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Installation_controller.exe, 00000001.00000002.517305085.0000000000426000.00000020.00000001.01000000.00000005.sdmp Binary or memory string: EFDXSBIEDLL.DLL
Source: Installation_controller.exe, 00000001.00000002.517305085.0000000000426000.00000020.00000001.01000000.00000005.sdmp Binary or memory string: EFDXSBIEDLL.DLL!H
Tries to detect virtualization through RDTSC time measurements
Source: C:\ProgramData\Installation_controller.exe RDTSC instruction interceptor: First address: 000000003F26A70C second address: 000000003F2B4A41 instructions: 0x00000000 rdtsc 0x00000002 seto dl 0x00000005 mov edx, dword ptr [esp+ecx] 0x00000008 sar eax, 6Fh 0x0000000b bswap eax 0x0000000d cmp eax, ebp 0x0000000f sub edi, 00000004h 0x00000015 bsf ax, bx 0x00000019 mov dword ptr [edi], edx 0x0000001b mov eax, dword ptr [esi] 0x0000001d jmp 00007F385D0EF774h 0x00000022 add esi, 00000004h 0x00000028 test ecx, ebx 0x0000002a xor eax, ebx 0x0000002c test sp, dx 0x0000002f clc 0x00000030 add eax, 42893A75h 0x00000035 clc 0x00000036 cmc 0x00000037 rol eax, 02h 0x0000003a jmp 00007F385CFFDF2Fh 0x0000003f dec eax 0x00000040 test bh, 0000001Ch 0x00000043 clc 0x00000044 cmp esp, ebp 0x00000046 not eax 0x00000048 stc 0x00000049 cmp ax, 00007F56h 0x0000004d jmp 00007F385D0AFAA3h 0x00000052 xor ebx, eax 0x00000054 test ah, dl 0x00000056 cmp esi, 13D16209h 0x0000005c jmp 00007F385D782616h 0x00000061 add ebp, eax 0x00000063 jmp 00007F385C960F17h 0x00000068 jmp 00007F385D1D259Ah 0x0000006d lea edx, dword ptr [esp+60h] 0x00000071 cmp edi, edx 0x00000073 jmp 00007F385D059CB4h 0x00000078 ja 00007F385D6558BFh 0x0000007e jmp ebp 0x00000080 movzx ecx, byte ptr [esi] 0x00000083 shrd eax, ecx, 0000004Ah 0x00000087 add dh, bh 0x00000089 lea esi, dword ptr [esi+00000001h] 0x0000008f rcl dh, FFFFFFADh 0x00000092 inc edx 0x00000093 xor cl, bl 0x00000095 rdtsc
Source: C:\ProgramData\Installation_controller.exe RDTSC instruction interceptor: First address: 000000003F3C0CC8 second address: 000000003F3C0CDC instructions: 0x00000000 rdtsc 0x00000002 pop edi 0x00000003 xor esi, edi 0x00000005 mov ah, bl 0x00000007 pop ebp 0x00000008 adc si, 7F3Fh 0x0000000d btc dx, si 0x00000011 pop esi 0x00000012 cbw 0x00000014 rdtsc
Source: C:\ProgramData\Installation_controller.exe RDTSC instruction interceptor: First address: 00000000006AEEF5 second address: 000000003EF47073 instructions: 0x00000000 rdtsc 0x00000002 seto dl 0x00000005 mov edx, dword ptr [esp+ecx] 0x00000008 sar eax, 6Fh 0x0000000b bswap eax 0x0000000d cmp eax, ebp 0x0000000f sub edi, 00000004h 0x00000015 bsf ax, bx 0x00000019 mov dword ptr [edi], edx 0x0000001b mov eax, dword ptr [esi] 0x0000001d jmp 00007F385CE63102h 0x00000022 add esi, 00000004h 0x00000028 test ecx, ebx 0x0000002a xor eax, ebx 0x0000002c test sp, dx 0x0000002f clc 0x00000030 add eax, 42893A75h 0x00000035 clc 0x00000036 cmc 0x00000037 rol eax, 02h 0x0000003a jmp 00007F385D1434E5h 0x0000003f dec eax 0x00000040 test bh, 0000001Ch 0x00000043 clc 0x00000044 cmp esp, ebp 0x00000046 not eax 0x00000048 stc 0x00000049 cmp ax, 00007F56h 0x0000004d jmp 00007F385D0D89F5h 0x00000052 xor ebx, eax 0x00000054 test ah, dl 0x00000056 cmp esi, 13D16209h 0x0000005c jmp 00007F385D07F383h 0x00000061 add ebp, eax 0x00000063 jmp 00007F385D12C6D5h 0x00000068 jmp 00007F389B92B14Eh 0x0000006d lea edx, dword ptr [esp+60h] 0x00000071 cmp edi, edx 0x00000073 jmp 00007F381E6953ECh 0x00000078 ja 00007F385CF7D2CBh 0x0000007e jmp ebp 0x00000080 movzx ecx, byte ptr [esi] 0x00000083 shrd eax, ecx, 0000004Ah 0x00000087 add dh, bh 0x00000089 lea esi, dword ptr [esi+00000001h] 0x0000008f rcl dh, FFFFFFADh 0x00000092 inc edx 0x00000093 xor cl, bl 0x00000095 rdtsc
Source: C:\ProgramData\Installation_controller.exe RDTSC instruction interceptor: First address: 00000000004AE5ED second address: 00000000004AE601 instructions: 0x00000000 rdtsc 0x00000002 pop edi 0x00000003 xor esi, edi 0x00000005 mov ah, bl 0x00000007 pop ebp 0x00000008 adc si, 7F3Fh 0x0000000d btc dx, si 0x00000011 pop esi 0x00000012 cbw 0x00000014 rdtsc
Source: C:\ProgramData\Installation_controller.exe RDTSC instruction interceptor: First address: 000000003F404373 second address: 000000003F4043A5 instructions: 0x00000000 rdtsc 0x00000002 inc cx 0x00000004 rol eax, FFFFFFF0h 0x00000007 rcr ebx, FFFFFFEBh 0x0000000a inc ecx 0x0000000b pop ebp 0x0000000c pop esi 0x0000000d inc ecx 0x0000000e pop edx 0x0000000f cbw 0x00000011 inc ecx 0x00000012 pop esi 0x00000013 pop edi 0x00000014 rcl dl, cl 0x00000016 inc ecx 0x00000017 pop ecx 0x00000018 adc dh, FFFFFFF0h 0x0000001b inc cx 0x0000001d mov edx, ebp 0x0000001f and bp, 0BE3h 0x00000024 pop ebp 0x00000025 movsx edx, si 0x00000028 inc ecx 0x00000029 and ah, FFFFFFDCh 0x0000002c inc ecx 0x0000002d pop esp 0x0000002e inc ecx 0x0000002f sar ebx, FFFFFF8Eh 0x00000032 rdtsc
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-7F1IJ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\msvcp140_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\FLAC.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-sentry-reporting.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-KJ41F.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-UJ3RS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-TDP90.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-theme-resources.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\zlib1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\sndfile.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-HKD6O.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-transactions.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-EGO60.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-UR1D7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\ogg.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-screen-geometry.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-37ABV.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-5LJ3G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\portaudio_x64.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-preferences.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\msvcp140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-K8GOH.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-NOB4R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-0KP7K.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-exceptions.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-audio-graph.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-basic-ui.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-files.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\libexpat.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-5BTDL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-SO45U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\wavpackdll.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-IU3MP.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\modules\is-JOTP7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-theme.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\vorbisenc.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\msvcp140_codecvt_ids.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-cloud-audiocom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-graphics.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-2SCU5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\libcurl.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-GAK9A.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-EPTFT.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\crashreporter.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-audio-devices.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-project-rate.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-sample-track.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-L050V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-module-manager.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-L0CK2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-V5T2O.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\portmidi.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-9K9M7.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-DEMF3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-UFU1R.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\vcruntime140.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\opus.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-5AL5G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-E63DL.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-project.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-JALHN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\modules\mod-script-pipe.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-DBS3U.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-uuid.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-J5UM8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-ffmpeg-support.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\wxmsw313u_aui_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-6C785.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-AG00V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-K3IU2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-9JHT8.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-LAIB1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-string-utils.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-4STCS.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-R9F1C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-registries.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-VGNVB.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-OF8N5.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\wxmsw313u_qa_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\wxmsw313u_html_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\vcruntime140_1.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-EE795.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\wxbase313u_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\mpg123.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-xml.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\wxmsw313u_core_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-VMF33.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-JO5BM.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-6S7SN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\vorbisfile.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-track.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-H8I8G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-8SGGQ.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\vorbis.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-ipc.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-KRBVG.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-U641C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-8JNDO.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-MVD1T.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-utility.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\FLAC++.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-CV5R1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\msvcp140_atomic_wait.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-7U34J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\mod-script-pipe.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-7HBD3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-math.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-url-schemes.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-5OMUN.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-3RF3V.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-components.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-IOAI2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-KRBQ3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-network-manager.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\wxbase313u_xml_vc_x64_custom.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-NKFUD.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-19I02.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-32N1E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-cloud-upload.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-project-history.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\msvcp140_2.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-7BF1G.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\lib-strings.dll (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-1J0J3.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-HKQ8J.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-0UDPU.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\is-GCDE1.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Dropped PE file which has not been started: C:\Program Files\Audacity\concrt140.dll (copy) Jump to dropped file
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\ProgramData\Installation_controller.exe Memory allocated: 3FED0000 memory reserve | memory write watch Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory allocated: 41AC0000 memory reserve | memory write watch Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Memory allocated: 418B0000 memory reserve | memory write watch Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025DBC8 VirtualQuery,GetSystemInfo, 0_2_0025DBC8
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024A534 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 0_2_0024A534
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025B820 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, 0_2_0025B820
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0026A928 FindFirstFileExA, 0_2_0026A928
Source: C:\Users\user\Desktop\WsiysHggF9.exe API call chain: ExitProcess graph end node
Source: WsiysHggF9.exe, 00000000.00000002.309826642.0000000009211000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\f
Source: Audacity.exe, 00000010.00000002.537474178.000001241C94E000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
Source: WsiysHggF9.exe, 00000000.00000002.309826642.0000000009211000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_002684EF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_002684EF
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0026B610 GetProcessHeap, 0_2_0026B610
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_00267363 mov eax, dword ptr fs:[00000030h] 0_2_00267363
Source: C:\ProgramData\Installation_controller.exe Memory allocated: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025EEB3 SetUnhandledExceptionFilter, 0_2_0025EEB3
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025F07B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_0025F07B
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_002684EF IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_002684EF
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025ED65 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0025ED65
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\WsiysHggF9.exe Process created: C:\ProgramData\Installation_controller.exe "C:\ProgramData\Installation_controller.exe" Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Process created: C:\ProgramData\audacity-win-3.2.0-64bit.exe "C:\ProgramData\audacity-win-3.2.0-64bit.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Process created: C:\Users\user\AppData\Local\Temp\is-GK43T.tmp\_isetup\_setup64.tmp helper 105 0x420 Jump to behavior
Source: Audacity.exe, 00000010.00000002.532462677.000001241A7A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: XProgram Manager
Source: Audacity.exe, 00000010.00000002.532462677.000001241A7A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: Audacity.exe, 00000010.00000002.532462677.000001241A7A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: Audacity.exe, 00000010.00000002.532462677.000001241A7A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Queries the volume information (name, serial number etc) of a device
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\ProgramData\Installation_controller.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BVVE5.tmp\audacity-win-3.2.0-64bit.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Contains functionality to query locales information (e.g. system language)
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: GetLocaleInfoW,GetNumberFormatW, 0_2_0025A5BC
Contains functionality to query CPU information (cpuid)
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025EBBB cpuid 0_2_0025EBBB
Source: C:\ProgramData\Installation_controller.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0025D42A GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle, 0_2_0025D42A
Source: C:\Users\user\Desktop\WsiysHggF9.exe Code function: 0_2_0024AC35 GetVersionExW, 0_2_0024AC35

Stealing of Sensitive Information
barindex
Yara detected RedLine Stealer
Source: Yara match File source: dump.pcap, type: PCAP

Remote Access Functionality
barindex
Yara detected RedLine Stealer
Source: Yara match File source: dump.pcap, type: PCAP
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 715159 Sample: WsiysHggF9.exe Startdate: 03/10/2022 Architecture: WINDOWS Score: 50 42 updates.audacityteam.org 2->42 44 Snort IDS alert for network traffic 2->44 46 Malicious sample detected (through community Yara rule) 2->46 48 Multi AV Scanner detection for submitted file 2->48 50 3 other signatures 2->50 10 WsiysHggF9.exe 5 2->10         started        signatures3 process4 file5 36 C:\ProgramData\audacity-win-3.2.0-64bit.exe, PE32 10->36 dropped 38 C:\ProgramData\Installation_controller.exe, PE32 10->38 dropped 13 audacity-win-3.2.0-64bit.exe 2 10->13         started        17 Installation_controller.exe 2 10->17         started        process6 file7 40 C:\Users\...\audacity-win-3.2.0-64bit.tmp, PE32 13->40 dropped 52 Obfuscated command line found 13->52 19 audacity-win-3.2.0-64bit.tmp 35 281 13->19         started        54 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 17->54 56 Tries to detect virtualization through RDTSC time measurements 17->56 signatures8 process9 file10 28 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 19->28 dropped 30 C:\Program Files\Audacity\zlib1.dll (copy), PE32+ 19->30 dropped 32 C:\...\wxmsw313u_qa_vc_x64_custom.dll (copy), PE32+ 19->32 dropped 34 130 other files (none is malicious) 19->34 dropped 22 _setup64.tmp 1 19->22         started        24 Audacity.exe 19->24         started        process11 process12 26 conhost.exe 22->26         started       
No contacted IP infos

Contacted Domains

Name IP Active
updates.audacityteam.org 172.67.74.133 true