| Source: unknown |
Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding |
| Source: C:\Windows\System32\OpenWith.exe |
Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\#U0417#U0430#U043f#U0438#U0442 #U0421#U0411#U0423.rar" |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO099FD947\??? ??????? 937463543.txt |
| Source: C:\Windows\System32\OpenWith.exe |
Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\#U0417#U0430#U043f#U0438#U0442 #U0421#U0411#U0423.rar" |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Process created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\AppData\Local\Temp\7zO099FD947\??? ??????? 937463543.txt |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Process created: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe "C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe" |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Yes Yes.bat & Yes.bat |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 185027 |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "venezuelalandscapesmeantposters" Tournaments |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Martin + ..\Organizing + ..\Finnish + ..\Determined + ..\Already + ..\Presentations + ..\Hint H |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\Local\Temp\185027\Spy.pif Spy.pif H |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5 |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NanoCipher.url" & echo URL="C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NanoCipher.url" & exit |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Process created: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe "C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe" |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Yes Yes.bat & Yes.bat |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 185027 |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "venezuelalandscapesmeantposters" Tournaments |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Martin + ..\Organizing + ..\Finnish + ..\Determined + ..\Already + ..\Presentations + ..\Hint H |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\Local\Temp\185027\Spy.pif Spy.pif H |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5 |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NanoCipher.url" & echo URL="C:\Users\user\AppData\Local\NanoSec Cryptographics\NanoCipher.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NanoCipher.url" & exit |
| Source: unknown |
Process created: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe "C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe" |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Yes Yes.bat & Yes.bat |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 185027 |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Martin + ..\Organizing + ..\Finnish + ..\Determined + ..\Already + ..\Presentations + ..\Hint H |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\Local\Temp\185027\Spy.pif Spy.pif H |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5 |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c copy Yes Yes.bat & Yes.bat |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc" |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\tasklist.exe tasklist |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\findstr.exe findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth" |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 185027 |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Martin + ..\Organizing + ..\Finnish + ..\Determined + ..\Already + ..\Presentations + ..\Hint H |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Users\user\AppData\Local\Temp\185027\Spy.pif Spy.pif H |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5 |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uxtheme.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: onecoreuapcommonproxystub.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.storage.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wldp.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinui.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wintypes.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: powrprof.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dwmapi.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: pdh.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: umpdc.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: onecorecommonproxystub.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: actxprxy.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: propsys.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepositoryps.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.appdefaults.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.immersive.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: profapi.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: ntmarta.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uiautomationcore.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dui70.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: duser.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dwrite.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: bcp47mrm.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uianimation.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: d3d11.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dxgi.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: d3d10warp.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: resourcepolicyclient.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dxcore.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dcomp.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: oleacc.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: edputil.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windowmanagementapi.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: textinputframework.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: inputhost.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coreuicomponents.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coreuicomponents.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinapi.appcore.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinapi.appcore.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windowscodecs.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: thumbcache.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: policymanager.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: msvcp110_win.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: apphelp.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: appresolver.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: bcp47langs.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: slc.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: userenv.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: sppc.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: tiledatarepository.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: staterepository.core.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepository.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wtsapi32.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepositorycore.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mrmcorer.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: appxdeploymentclient.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: sxs.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: directmanipulation.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: textshaping.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: ninput.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: explorerframe.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dataexchange.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.fileexplorer.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: xmllite.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: structuredquery.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: atlthunk.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.fileexplorer.common.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: iertutil.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.storage.search.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: linkinfo.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinapi.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: ntshrui.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: sspicli.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: srvcli.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cscapi.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: winmm.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: ehstorshell.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: networkexplorer.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: cscui.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: urlmon.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: netutils.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: pcacli.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mpr.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Section loaded: sfc_os.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: uxtheme.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: textshaping.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: windows.storage.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: wldp.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: windowscodecs.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: profapi.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: propsys.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: explorerframe.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: cryptbase.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: thumbcache.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: policymanager.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: msvcp110_win.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: textinputframework.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: coreuicomponents.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: coremessaging.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: ntmarta.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: wintypes.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: wintypes.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: wintypes.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: dataexchange.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: d3d11.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: dcomp.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: dxgi.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: twinapi.appcore.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: edputil.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: urlmon.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: iertutil.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: srvcli.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: netutils.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: windows.staterepositoryps.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: sspicli.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: appresolver.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: bcp47langs.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: slc.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: userenv.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: sppc.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: onecorecommonproxystub.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: onecoreuapcommonproxystub.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: pcacli.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: mpr.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: sfc_os.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: uxtheme.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: mrmcorer.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: windows.storage.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: wldp.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: textshaping.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: efswrt.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: mpr.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: wintypes.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: twinapi.appcore.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: oleacc.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: textinputframework.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: coreuicomponents.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: coremessaging.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: ntmarta.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: coremessaging.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: urlmon.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: iertutil.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: srvcli.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: netutils.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: propsys.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: policymanager.dll |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: msvcp110_win.dll |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Section loaded: apphelp.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: apphelp.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: version.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: uxtheme.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: shfolder.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: windows.storage.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: wldp.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: propsys.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: profapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: riched20.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: usp10.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: msls31.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: textinputframework.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: coreuicomponents.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: coremessaging.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: ntmarta.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: textshaping.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: edputil.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: urlmon.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: iertutil.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: srvcli.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: netutils.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: windows.staterepositoryps.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: sspicli.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: appresolver.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: bcp47langs.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: slc.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: userenv.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: sppc.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: onecorecommonproxystub.dll |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Section loaded: onecoreuapcommonproxystub.dll |
| Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: ntmarta.dll |
| Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cmdext.dll |
| Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: wsock32.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: version.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: winmm.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: mpr.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: wininet.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: iphlpapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: userenv.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: uxtheme.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: kernel.appcore.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: windows.storage.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: wldp.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: ntmarta.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: napinsp.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: pnrpnsp.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: wshbth.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: nlaapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: mswsock.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: dnsapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: winrnr.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: rasadhlp.dll |
| Source: C:\Windows\SysWOW64\choice.exe |
Section loaded: version.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: apphelp.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: version.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: uxtheme.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: shfolder.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: windows.storage.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: wldp.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: propsys.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: riched20.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: usp10.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: msls31.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: textinputframework.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: coreuicomponents.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: coremessaging.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: ntmarta.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: wintypes.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: textshaping.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: profapi.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: edputil.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: urlmon.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: iertutil.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: srvcli.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: netutils.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: windows.staterepositoryps.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: sspicli.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: appresolver.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: bcp47langs.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: slc.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: userenv.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: sppc.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: onecorecommonproxystub.dll |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Section loaded: onecoreuapcommonproxystub.dll |
| Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: ntmarta.dll |
| Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: cmdext.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: version.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: mpr.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: framedynos.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: dbghelp.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: srvcli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: netutils.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: sspicli.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: kernel.appcore.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: wbemcomn.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: winsta.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: amsi.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: userenv.dll |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Section loaded: profapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: wsock32.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: version.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: winmm.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: mpr.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: wininet.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: iphlpapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: userenv.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: uxtheme.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: kernel.appcore.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: windows.storage.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: wldp.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: napinsp.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: pnrpnsp.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: wshbth.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: nlaapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: mswsock.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: dnsapi.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: winrnr.dll |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Section loaded: rasadhlp.dll |
| Source: C:\Windows\SysWOW64\choice.exe |
Section loaded: version.dll |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\System32\OpenWith.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Program Files\7-Zip\7zFM.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\7zO09913F37\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\Desktop\scan_doc_zapit_836893.pdf.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\SysWOW64\cmd.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Windows\SysWOW64\tasklist.exe |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Process information set: NOOPENFILEERRORBOX |
| Source: C:\Users\user\AppData\Local\Temp\185027\Spy.pif |
Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX |
