Windows Analysis Report
https://vpn-get.com/nordvpn

Overview

General Information

Sample URL: https://vpn-get.com/nordvpn
Analysis ID: 756292

Detection

Score: 25
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

DLL side loading technique detected
Creates a DirectInput object (often for capturing keystrokes)
Drops files with a non-matching file extension (content does not match file extension)
PE file does not import any functions
PE file contains strange resources
Drops PE files
PE file contains sections with non-standard names
Binary contains a suspicious time stamp
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Creates a process in suspended mode (likely to inject code)

Classification

Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater
Source: C:\Windows\SysWOW64\unarchiver.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: Binary string: C:\ahpwc\mc\mc_adobe_sdk_dbginfo_win64_x64_release\mc_config_mp2v.pdb! source: mc_config_mp2v.dll.9.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: lcms.dll.6.dr
Source: Binary string: C:\ahpwc\mc\mc_adobe_sdk_dbginfo_win64_x64_release\mc_dec_spic.pdb source: mc_dec_spic.dll0.6.dr
Source: Binary string: libGLESv2.dll.pdb`1-p1- source: libGLESv2.dll.6.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libinstrument\instrument.pdb source: instrument.dll.6.dr
Source: Binary string: msvcp120.i386.pdb source: msvcp120.dll.6.dr
Source: Binary string: C:\h\workspace\MXF_SDK\LICENSE\MOG_PAY_VERSION\label\vs100_x64\stage\bin\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.pdb source: MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll0.6.dr, MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll.6.dr
Source: Binary string: adbeape.pdb source: adbeape.dll.6.dr, adbeape.dll0.6.dr
Source: Binary string: D:\Projects\WinRAR\build\winrar32\Release\WinRAR.pdb source: WinRAR.exe.6.dr
Source: Binary string: libGLESv2.dll.pdb source: libGLESv2.dll.6.dr
Source: Binary string: C:\h\workspace\MXF_SDK_Modules\LICENSE\MOG_PAY_VERSION\label\vs100_x64\stage\bin\MXF_SDK_Modules_DataIO_1.4.22_vs10.pdb source: MXF_SDK_Modules_DataIO_1.4.22_vs10.dll.9.dr
Source: Binary string: C:\ahpwc\mc\mc_adobe_sdk_dbginfo_win64_x64_release\mc_config_mp2v.pdb source: mc_config_mp2v.dll.9.dr
Source: Binary string: C:\Code\BUILD\channels\Surface\Release\Surface.pdb source: Surface.dll.6.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb* source: lcms.dll.6.dr
Source: Binary string: C:\Code\BUILD\channels\Win32_Font\Release\Win32_Font.pdb source: Win32_Font.dll.6.dr
Source: Binary string: DL100AGM.pdb source: DL100AGM.dll0.6.dr
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo
Source: DL100AGM.dll0.6.dr Binary or memory string: DirectDrawCreateEx
Source: setup64.dll.6.dr Static PE information: No import functions for PE file found
Source: mfc100chs.dll0.6.dr Static PE information: No import functions for PE file found
Source: mfc100cht.dll.6.dr Static PE information: No import functions for PE file found
Source: mfc100cht.dll0.6.dr Static PE information: No import functions for PE file found
Source: mfc100chs.dll.6.dr Static PE information: No import functions for PE file found
Source: DL100AGM.dll.6.dr Static PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: mc_demux_dv.dll.6.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: mfc100chs.dll0.6.dr Static PE information: Section .rsrc
Source: mfc100cht.dll.6.dr Static PE information: Section .rsrc
Source: mfc100cht.dll0.6.dr Static PE information: Section .rsrc
Source: mfc100chs.dll.6.dr Static PE information: Section .rsrc
Source: C:\Windows\SysWOW64\unarchiver.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\unarchiver.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1816,i,5108959396523626248,12215149392874120257,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://vpn-get.com/nordvpn"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\NordVPN-10_11.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\boe55dv2.gbx" "C:\Users\user\Downloads\NordVPN-10_11.zip"
Source: C:\Windows\SysWOW64\7za.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Windows\SysWOW64\unarchiver.exe "C:\Windows\SysWOW64\unarchiver.exe" "C:\Users\user\Downloads\NordVPN-7_8.zip"
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe "C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l" "C:\Users\user\Downloads\NordVPN-7_8.zip"
Source: C:\Windows\SysWOW64\7za.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5720:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7032:120:WilError_01
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\GoogleUpdater
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\5106b089-c5d4-4c97-b3c3-a943e1aca1aa.tmp
Source: C:\Windows\SysWOW64\unarchiver.exe File created: C:\Users\user\AppData\Local\Temp\unarchiver.log
Source: classification engine Classification label: sus25.evad.win@43/220@0/17
Source: Window Recorder Window detected: More than 3 window changes detected
Source: jfxwebkit.dll.6.dr Static PE information: section name: .unwante
Source: wget.exe.6.dr Static PE information: section name: /4
Source: wget.exe.6.dr Static PE information: section name: /14
Source: GFSDK_ShadowLib.win64.dll.6.dr Static PE information: section name: text
Source: libGLESv2.dll.6.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.6.dr Static PE information: section name: .voltbl
Source: GFSDK_ShadowLib.win64.dll0.6.dr Static PE information: section name: text
Source: d3dcompiler_47.dll.6.dr Static PE information: 0x66D23DFC [Fri Aug 30 21:47:40 2024 UTC]
Source: initial sample Static PE information: section name: .text entropy: 6.90903234258047
Source: initial sample Static PE information: section name: .text entropy: 6.95576372950548
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javacpl.cpl
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\ImageMetaData.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jp2iexp.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mfc100cht.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jawt.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\dt_socket.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\boost_system.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\FModSound.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mfc100chs.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\wsdetect.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jpeg.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GPUPerfAPIDX11-x64.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\d3dcompiler_47.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\sunmscapi.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\d3dcompiler_47.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_enc_mp2sr.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\decora_sse.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\nio.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\lcms.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\InterfaceCreation.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\java_crw_demo.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\boost_system.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp2m.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_pcm.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_SoundFile2.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\zip.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_Modules_DataIO_1.4.22_vs10.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\PlugPlugExternalObject.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp2v.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mpa.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Tesselator.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp4v.dll
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\instrument.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsoundds.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp2v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\net.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InterfaceFunction.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_Modules_DataIO_1.4.22_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\bci.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\adbeape.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_d3d.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\7z.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GFSDK_ShadowLib.win64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\setup64.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DL100PDFL.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DL100PDFL.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\SceneContainerCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_enc_mp2sr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\t2k.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\7z.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\sunec.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\dcpr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceCreation.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp4v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\CGRCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\WinRAR.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\splashscreen.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\boost_system.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DL100AGM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GroupBuffer.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\InterfaceCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceContainer.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DL100AGM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\FloatTexture.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_trans_audio_converter.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfxwebkit.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\boost_system.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mfc100chs.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\FileLoader.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\StyleTransfer.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_demux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\setup64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\adbeape.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_UserInput.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\JSONCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_sw.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jli.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_SysInfo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\XMLDOMCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\mlib_image.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_MotionSet.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_TextOut.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_DirectInput.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_common.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\PRM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\ESM_SaveTextFile.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InterfaceChannel.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mpa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\GPUPerfAPIDX11-x64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_enc_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\fxplugins.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Internet.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\libGLESv2.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\CopyImage.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_mux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\PRM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcp120.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_trans_audio_converter.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\WindowsAccessBridge.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jp2native.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_dec_spic.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\ImageStitcher.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp4v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\7z.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mfc100cht.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\wget.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_MatrixInterpolateSet.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_trans_audio_converter.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\deploy.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\j2pcsc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_dec_spic.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JAWTAccessBridge.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\glass.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\fontmanager.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp2v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp2m.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\SAXParser.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsound.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\j2pkcs11.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_demux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\ssv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcr120.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\PlugPlugExternalObject.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsdt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\WinRAR.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\resource.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\Win32_Font.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DL100AGM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jdwp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\FileDialog.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceRefHash.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\GFSDK_ShadowLib.win64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfxmedia.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mpa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javafx_iio.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_trans_video_framerate.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcr100.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\kcms.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JAWTAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\setup64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_dec_spic.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\adbeape.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mfc100chs.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_mux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jaas_nt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_enc_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JavaAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_Modules_DataIO_1.4.22_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\Surface.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javacpl.cpl Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\XMLDOMObject.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_ImportObject.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mfc100cht.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceUnique.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Image.Services.Core.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\VectorOperator.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\unpack.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\d3dcompiler_47.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\awt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp2m.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\eula.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javafx_font_t2k.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GUISkin.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_trans_video_framerate.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceRefSphereTree.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_trans_video_framerate.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\dt_shmem.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_mux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\gstreamer-lite.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\java.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javafx_font.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\setup64.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\npt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_enc_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\adbeape.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JavaAccessBridge.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_Camera.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\verify.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\management.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\WindowsAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\ObjectDataCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\d3dcompiler_47.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\Object.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\ImageMetaData.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\wget.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\TextFilter.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\libGLESv2.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\7z.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\hprof.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\InterfaceUnique.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\glib-lite.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jp2ssv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\ImageStitcher.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_enc_mp2sr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceRefTree.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\w2k_lsa_auth.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_demux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\unarchiver.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\ImageMetaData.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jp2iexp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mfc100cht.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jawt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\dt_socket.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\boost_system.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\FModSound.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mfc100chs.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\wsdetect.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jpeg.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GPUPerfAPIDX11-x64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\d3dcompiler_47.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\sunmscapi.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\d3dcompiler_47.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_enc_mp2sr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\decora_sse.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\nio.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\lcms.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\InterfaceCreation.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\java_crw_demo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\boost_system.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp2m.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_SoundFile2.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\zip.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_Modules_DataIO_1.4.22_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\PlugPlugExternalObject.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp2v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mpa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Tesselator.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\instrument.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp4v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsoundds.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp2v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\net.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InterfaceFunction.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_Modules_DataIO_1.4.22_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\bci.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\adbeape.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_d3d.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GFSDK_ShadowLib.win64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\setup64.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DL100PDFL.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DL100PDFL.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\SceneContainerCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_enc_mp2sr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\t2k.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\7z.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\sunec.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\dcpr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceCreation.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp4v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\WinRAR.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\CGRCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\splashscreen.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\boost_system.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DL100AGM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GroupBuffer.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceContainer.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DL100AGM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\InterfaceCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\FloatTexture.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_trans_audio_converter.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfxwebkit.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\boost_system.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mfc100chs.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\FileLoader.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\StyleTransfer.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_demux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\setup64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\adbeape.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_UserInput.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\JSONCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_sw.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_SysInfo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jli.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\XMLDOMCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\mlib_image.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_MotionSet.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_TextOut.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_DirectInput.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\prism_common.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\PRM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\ESM_SaveTextFile.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InterfaceChannel.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mpa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\GPUPerfAPIDX11-x64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_enc_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\fxplugins.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Internet.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\libGLESv2.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\CopyImage.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_mux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\PRM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_trans_audio_converter.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcp120.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\WindowsAccessBridge.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jp2native.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_dec_spic.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\ImageStitcher.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp4v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\7z.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mfc100cht.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\wget.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_MatrixInterpolateSet.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_trans_audio_converter.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\deploy.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\j2pcsc.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_dec_spic.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JAWTAccessBridge.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\glass.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\fontmanager.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_mp2v.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mp2m.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\SAXParser.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsound.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\j2pkcs11.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_demux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\ssv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcr120.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\PlugPlugExternalObject.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jsdt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\WinRAR.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\resource.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DL100AGM.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\Win32_Font.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jdwp.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\FileDialog.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceRefHash.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\GFSDK_ShadowLib.win64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jfxmedia.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_config_mpa.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javafx_iio.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_AVI_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_trans_video_framerate.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\msvcr100.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\kcms.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JAWTAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\setup64.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_dec_spic.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\adbeape.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mfc100chs.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\mc_mux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jaas_nt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_enc_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JavaAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\MXF_SDK_Modules_DataIO_1.4.22_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\Surface.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javacpl.cpl Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\XMLDOMObject.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_config_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\DX8_ImportObject.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mfc100cht.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\InterfaceUnique.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\Image.Services.Core.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\VectorOperator.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\unpack.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\d3dcompiler_47.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\awt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_GenericContainer_AES3_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_config_mp2m.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\eula.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javafx_font_t2k.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\GUISkin.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_trans_video_framerate.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceRefSphereTree.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\dt_shmem.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_trans_video_framerate.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_mux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\gstreamer-lite.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\java.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\javafx_font.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\DirectX\setup64.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\npt.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_enc_pcm.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\adbeape.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\JavaAccessBridge.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\DX8_Camera.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\verify.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\management.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\WindowsAccessBridge-32.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\d3dcompiler_47.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\config\img\ObjectDataCommand.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\Object.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\ImageMetaData.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX\wget.exe Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\TextFilter.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\libGLESv2.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\hprof.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\InterfaceUnique.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\glib-lite.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\jp2ssv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\ImageStitcher.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l\data\AppInfo\data\mc_enc_mp2sr.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin\InstanceRefTree.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\jre\bin\w2k_lsa_auth.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data\mc_demux_dv.dll Jump to dropped file
Source: C:\Windows\SysWOW64\7za.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\MXF_SDK_GenericContainer_SystemScheme1_4.5.16_vs10.dll Jump to dropped file
Source: C:\Windows\SysWOW64\unarchiver.exe Code function: 8_2_0108B1D6 GetSystemInfo, 8_2_0108B1D6
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms\bin Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\DirectX Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\platforms Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo\data Jump to behavior
Source: C:\Windows\SysWOW64\7za.exe File opened: C:\Users\user\AppData\Local\Temp\boe55dv2.gbx\data\AppInfo Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\SysWOW64\7za.exe Section loaded: C:\Windows\SysWOW64\7z.dll Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\boe55dv2.gbx" "C:\Users\user\Downloads\NordVPN-10_11.zip Jump to behavior
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe C:\Windows\System32\7za.exe" x -pinfected -y -o"C:\Users\user\AppData\Local\Temp\wgjorgwf.g2l" "C:\Users\user\Downloads\NordVPN-7_8.zip Jump to behavior
Source: WinRAR.exe.6.dr Binary or memory string: p():tooltips_class32CMDWNDADDCMDWNDOTHERCMDWNDCONVERTCMDWNDFINDCMDWNDBENCH* %sHELPExecArcCmdDoneCMDMODETaskbarCreatedProgman%4d%%HELPCmdMode
Source: C:\Windows\SysWOW64\unarchiver.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior