Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009BF200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
2_2_009BF200 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009B4696 GetFileAttributesW,FindFirstFileW,FindClose, |
2_2_009B4696 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009BC9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
2_2_009BC9C7 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009BC93C FindFirstFileW,FindClose, |
2_2_009BC93C |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009BF35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
2_2_009BF35D |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009BF65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
2_2_009BF65E |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009B3A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
2_2_009B3A2B |
Source: at.exe, 00000002.00000002.358917443.00000000017B4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://bot.whatismyipaddress.com |
Source: POv5Nk1dlu.exe, 00000000.00000002.316065070.0000000000DEF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://bot.whatismyipaddress.com6 |
Source: POv5Nk1dlu.exe, 00000000.00000002.316065070.0000000000DEF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.orgmTime |
Source: at.exe, 00000002.00000002.358917443.00000000017B4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://checkip.dyndns.orgmTimed |
Source: at.exe, 00000002.00000002.358917443.00000000017B4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.myexternalip.com/raw |
Source: POv5Nk1dlu.exe, 00000000.00000002.316065070.0000000000DEF000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.myexternalip.com/raw/ |
Source: POv5Nk1dlu.exe, 00000000.00000002.316017878.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp, at.exe, 00000002.00000002.358917443.00000000017B4000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://api.ipify.org |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDCDAC NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,6F83BC60,6F83AF40,SetCapture,ClientToScreen,6F83B190,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
0_2_00FDCDAC |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DCDAC NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,6F83BC60,6F83AF40,SetCapture,ClientToScreen,6F83B190,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
2_2_009DCDAC |
Source: POv5Nk1dlu.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: POv5Nk1dlu.exe, 00000000.00000003.304290006.0000000003598000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: POv5Nk1dlu.exe, 00000000.00000003.304290006.0000000003598000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
|
Source: POv5Nk1dlu.exe, 00000000.00000002.316438570.0000000001005000.00000080.00000001.01000000.00000003.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: POv5Nk1dlu.exe, 00000000.00000002.316438570.0000000001005000.00000080.00000001.01000000.00000003.sdmp |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
|
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: This is a third-party compiled AutoIt script. |
2_2_00953B4C |
Source: at.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: at.exe, 00000002.00000000.346969623.0000000000A05000.00000080.00000001.01000000.00000007.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: at.exe, 00000002.00000000.346969623.0000000000A05000.00000080.00000001.01000000.00000007.sdmp |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
|
Source: at.exe, 00000002.00000003.350512567.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: at.exe, 00000002.00000003.350512567.0000000003CE0000.00000004.00000800.00020000.00000000.sdmp |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
|
Source: POv5Nk1dlu.exe |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
|
Source: at.exe.0.dr |
String found in binary or memory: This is a third-party compiled AutoIt script. |
|
Source: at.exe.0.dr |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer |
|
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00F53633 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow, |
0_2_00F53633 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDC8EE DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W, |
0_2_00FDC8EE |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDC49C PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W, |
0_2_00FDC49C |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00F5189B NtdllDialogWndProc_W, |
0_2_00F5189B |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDC86D SendMessageW,NtdllDialogWndProc_W, |
0_2_00FDC86D |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDCC2E ClientToScreen,6F83B270,NtdllDialogWndProc_W, |
0_2_00FDCC2E |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDCD6C GetWindowLongW,NtdllDialogWndProc_W, |
0_2_00FDCD6C |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00F516DE GetParent,NtdllDialogWndProc_W, |
0_2_00F516DE |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDD6C6 NtdllDialogWndProc_W, |
0_2_00FDD6C6 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00F516B5 NtdllDialogWndProc_W, |
0_2_00F516B5 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00F51290 NtdllDialogWndProc_W,GetClientRect,GetCursorPos,ScreenToClient, |
0_2_00F51290 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDDA9A NtdllDialogWndProc_W, |
0_2_00FDDA9A |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00F51287 NtdllDialogWndProc_W,GetSysColor,SetBkColor,73324310,NtdllDialogWndProc_W, |
0_2_00F51287 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDC27C 6F83B200,6F83B5E0,ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W, |
0_2_00FDC27C |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00F5167D NtdllDialogWndProc_W, |
0_2_00F5167D |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDC220 NtdllDialogWndProc_W, |
0_2_00FDC220 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDCBF9 NtdllDialogWndProc_W, |
0_2_00FDCBF9 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDCBAE NtdllDialogWndProc_W, |
0_2_00FDCBAE |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDC788 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W, |
0_2_00FDC788 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDCB7F NtdllDialogWndProc_W, |
0_2_00FDCB7F |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDCB50 NtdllDialogWndProc_W, |
0_2_00FDCB50 |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00FDD74C GetSystemMetrics,GetSystemMetrics,MoveWindow,SendMessageW,SendMessageW,ShowWindow,InvalidateRect,NtdllDialogWndProc_W, |
0_2_00FDD74C |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_00953633 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow, |
2_2_00953633 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DC220 NtdllDialogWndProc_W, |
2_2_009DC220 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DC27C 6F83B200,6F83B5E0,ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W, |
2_2_009DC27C |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DC49C PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W, |
2_2_009DC49C |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DC788 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W, |
2_2_009DC788 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DC8EE DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W, |
2_2_009DC8EE |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DC86D SendMessageW,NtdllDialogWndProc_W, |
2_2_009DC86D |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DCBAE NtdllDialogWndProc_W, |
2_2_009DCBAE |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DCBF9 NtdllDialogWndProc_W, |
2_2_009DCBF9 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DCB50 NtdllDialogWndProc_W, |
2_2_009DCB50 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DCB7F NtdllDialogWndProc_W, |
2_2_009DCB7F |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DCC2E ClientToScreen,6F83B270,NtdllDialogWndProc_W, |
2_2_009DCC2E |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DCD6C GetWindowLongW,NtdllDialogWndProc_W, |
2_2_009DCD6C |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_00951290 NtdllDialogWndProc_W,GetClientRect,GetCursorPos,ScreenToClient, |
2_2_00951290 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_00951287 NtdllDialogWndProc_W,GetSysColor,SetBkColor,73324310,NtdllDialogWndProc_W, |
2_2_00951287 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009516B5 NtdllDialogWndProc_W, |
2_2_009516B5 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009516DE GetParent,NtdllDialogWndProc_W, |
2_2_009516DE |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DD6C6 NtdllDialogWndProc_W, |
2_2_009DD6C6 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_0095167D NtdllDialogWndProc_W, |
2_2_0095167D |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DD74C GetSystemMetrics,GetSystemMetrics,MoveWindow,SendMessageW,SendMessageW,ShowWindow,InvalidateRect,NtdllDialogWndProc_W, |
2_2_009DD74C |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_0095189B NtdllDialogWndProc_W, |
2_2_0095189B |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009DDA9A NtdllDialogWndProc_W, |
2_2_009DDA9A |
Source: POv5Nk1dlu.exe, 00000000.00000003.305755579.00000000034A1000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamewinresume2 vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000003.303502621.00000000034A9000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamewinresume2 vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000002.315183078.0000000000B90000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: FV_ORIGINALFILENAME1 vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000002.315295636.0000000000C16000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: FV_ORIGINALFILENAME vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000002.315295636.0000000000C16000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000000.301657715.000000000106B000.00000008.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamewinresume2 vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000002.315224332.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamewinresume2 vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000003.302533451.0000000000C16000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: FV_ORIGINALFILENAME vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000003.302533451.0000000000C16000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000003.302345223.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: FV_ORIGINALFILENAME vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe, 00000000.00000003.302345223.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFilename vs POv5Nk1dlu.exe |
Source: POv5Nk1dlu.exe |
Binary or memory string: OriginalFilenamewinresume2 vs POv5Nk1dlu.exe |
Source: C:\Users\user\Desktop\POv5Nk1dlu.exe |
Code function: 0_2_00F54A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
0_2_00F54A35 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_00954A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
2_2_00954A35 |
Source: C:\Users\user\RDVGHelper\at.exe |
Code function: 2_2_009D55FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
2_2_009D55FD |