Source: yDoZVwXSMG.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_00406775 FindFirstFileA,FindClose, |
0_2_00406775 |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_00402A84 FindFirstFileA, |
0_2_00402A84 |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_00405B99 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, |
0_2_00405B99 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_00406775 FindFirstFileA,FindClose, |
2_2_00406775 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_00405B99 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, |
2_2_00405B99 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_00402A84 FindFirstFileA, |
2_2_00402A84 |
Source: Au_.exe, Au_.exe, 00000002.00000002.3439503883.000000000040A000.00000004.00000001.01000000.00000004.sdmp, Au_.exe, 00000002.00000000.2190560048.000000000040A000.00000008.00000001.01000000.00000004.sdmp, yDoZVwXSMG.exe, Au_.exe.0.dr |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
Source: yDoZVwXSMG.exe, Au_.exe.0.dr |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: yDoZVwXSMG.exe, 00000000.00000002.2191564328.00000000028C3000.00000004.00000020.00020000.00000000.sdmp, yDoZVwXSMG.exe, 00000000.00000002.2191258259.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, yDoZVwXSMG.exe, 00000000.00000002.2191048241.000000000040C000.00000004.00000001.01000000.00000003.sdmp, Au_.exe, Au_.exe, 00000002.00000002.3439987828.0000000002828000.00000004.00000020.00020000.00000000.sdmp, Au_.exe, 00000002.00000002.3439724667.000000000057E000.00000004.00000020.00020000.00000000.sdmp, Au_.exe, 00000002.00000002.3440578387.0000000010003000.00000004.00000001.01000000.00000007.sdmp, nsvC710.tmp.0.dr, nsqC8C5.tmp.2.dr |
String found in binary or memory: https://www.gegridsolutions.com/multilin/ |
Source: yDoZVwXSMG.exe, 00000000.00000002.2191564328.00000000028C3000.00000004.00000020.00020000.00000000.sdmp, yDoZVwXSMG.exe, 00000000.00000002.2191258259.00000000005DE000.00000004.00000020.00020000.00000000.sdmp, yDoZVwXSMG.exe, 00000000.00000002.2191048241.000000000040C000.00000004.00000001.01000000.00000003.sdmp, Au_.exe, 00000002.00000002.3439987828.0000000002828000.00000004.00000020.00020000.00000000.sdmp, Au_.exe, 00000002.00000002.3439724667.000000000057E000.00000004.00000020.00020000.00000000.sdmp, nsvC710.tmp.0.dr, nsqC8C5.tmp.2.dr |
String found in binary or memory: https://www.gegridsolutions.com/multilin/200Set |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_00405683 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, |
0_2_00405683 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_03A11D4E GetDlgCtrlID,OpenClipboard,GetClipboardData,GlobalLock,lstrlenA,SendMessageA,GlobalUnlock,CloseClipboard,CallWindowProcA, |
2_2_03A11D4E |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_004048DE GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, |
0_2_004048DE |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_004036E7 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, |
0_2_004036E7 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_004036E7 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, |
2_2_004036E7 |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_00404E7A |
0_2_00404E7A |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_00406AB6 |
0_2_00406AB6 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_00404E7A |
2_2_00404E7A |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_00406AB6 |
2_2_00406AB6 |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: String function: 00406747 appears 58 times |
|
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: String function: 00406747 appears 58 times |
|
Source: classification engine |
Classification label: clean4.winEXE@3/11@0/0 |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Code function: 0_2_004022F1 CoCreateInstance,MultiByteToWideChar, |
0_2_004022F1 |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
File created: C:\Users\user\AppData\Local\Temp\nsfC6FF.tmp |
Source: yDoZVwXSMG.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
File read: C:\Users\desktop.ini |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
File read: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Source: unknown |
Process created: C:\Users\user\Desktop\yDoZVwXSMG.exe "C:\Users\user\Desktop\yDoZVwXSMG.exe" |
|
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Process created: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe "C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe" _?=C:\Users\user\Desktop\ |
|
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: userenv.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: propsys.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: version.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: wldp.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Section loaded: msls31.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
File written: C:\Users\user\AppData\Local\Temp\nslC943.tmp\ioSpecial.ini |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Automated click: OK |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Automated click: Next > |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: yDoZVwXSMG.exe |
Static file information: File size 2469638 > 1048576 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_039F4DB4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
2_2_039F4DB4 |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_039F3F10 push eax; ret |
2_2_039F3F3E |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
File created: C:\Users\user\AppData\Local\Temp\nslC943.tmp\BrandingURL.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
File created: C:\Users\user\AppData\Local\Temp\nslC943.tmp\FindProcDLL.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
File created: C:\Users\user\AppData\Local\Temp\nslC943.tmp\LangDLL.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
File created: C:\Users\user\AppData\Local\Temp\nslC943.tmp\LogEx.dll
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe
File created: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
File created: C:\Users\user\AppData\Local\Temp\nslC943.tmp\InstallOptions.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Code function: 2_2_03A11410 wsprintfA,lstrcpyA,GetPrivateProfileStringA,lstrcpyA,CharNextA, |
2_2_03A11410 |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslC943.tmp\BrandingURL.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslC943.tmp\FindProcDLL.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslC943.tmp\LangDLL.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslC943.tmp\LogEx.dll
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslC943.tmp\InstallOptions.dll
Source: Au_.exe, 00000002.00000002.3439724667.000000000057E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\ |
Source: C:\Users\user\Desktop\yDoZVwXSMG.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
API call chain: ExitProcess graph end node |
Source: C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe |
Process information queried: ProcessInformation |