Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00425639 FindFirstFileW,FindFirstFileW,SetCurrentDirectoryW,FindClose,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose, |
0_2_00425639 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_004230D5 FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose, |
0_2_004230D5 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0041510D FindFirstFileW,DeleteFileW,CopyFileW,lstrcmpiW,DeleteFileW,MoveFileW,FindNextFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose, |
0_2_0041510D |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0042320D FindFirstFileW,FindClose, |
0_2_0042320D |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00426292 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00426292 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00425838 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00425838 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00422C4D FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime, |
0_2_00422C4D |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00414E16 GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00414E16 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00414FFA FindFirstFileW,DeleteFileW,FindNextFileW,FindClose, |
0_2_00414FFA |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_004045EC GetClientRect,GetCursorPos,ScreenToClient,WindowFromPoint,GetWindowRect,GetWindowRect,MoveWindow,GetCursorPos,GetCursorPos,TrackPopupMenuEx,SendMessageW,73A245F0,SendMessageW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,73A245F0,SendMessageW,6F59CB00,6F59C2F0,SetCapture,CharUpperBuffW,ClientToScreen,6F59C530,InvalidateRect,PostMessageW,GetMenuItemInfoW,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,FreeLibrary,DragQueryPoint,SendMessageW,SendMessageW,DragQueryFileW,DragQueryFileW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,CharUpperBuffW,CharUpperBuffW,CharUpperBuffW,CharUpperBuffW,6F59C580,6F59C6F0,ReleaseCapture,SetWindowTextW,SendMessageW,CharUpperBuffW,CharUpperBuffW,ClientToScreen,6F59C5D0, |
0_2_004045EC |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0043244B |
0_2_0043244B |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_004422B6 |
0_2_004422B6 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00444317 |
0_2_00444317 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0043A442 |
0_2_0043A442 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0043E46A |
0_2_0043E46A |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_004045EC |
0_2_004045EC |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0044E616 |
0_2_0044E616 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0044D7D4 |
0_2_0044D7D4 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00456824 |
0_2_00456824 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00441961 |
0_2_00441961 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00442AF9 |
0_2_00442AF9 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00420D89 |
0_2_00420D89 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00421E0D |
0_2_00421E0D |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00450F74 |
0_2_00450F74 |
Source: unknown |
Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" |
|
Source: C:\Users\user\Desktop\calc.exe |
Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" JzM4PpnOtP.jse |
|
Source: C:\Windows\SysWOW64\wscript.exe |
Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add |
|
Source: C:\Windows\SysWOW64\net.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\wscript.exe |
Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add |
|
Source: C:\Windows\SysWOW64\net.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\wscript.exe |
Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" |
|
Source: C:\Windows\SysWOW64\net.exe |
Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add |
|
Source: C:\Windows\SysWOW64\net.exe |
Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add |
|
Source: C:\Users\user\Desktop\calc.exe |
Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\wscript.exe" JzM4PpnOtP.jse |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" user LocalAdministrator /add |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\System32\net.exe" localgroup administrators LocalAdministrator /add |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Process created: C:\Users\user\Desktop\calc.exe "C:\Users\user\Desktop\calc.exe" |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 user LocalAdministrator /add |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 localgroup administrators LocalAdministrator /add |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: jscript.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: jscript.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: amsi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: msisip.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: wshext.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: scrobj.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: scrrun.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: gpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wscript.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: samcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: samcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: winmm.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: wsock32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: samcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: dsrole.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: logoncli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: samlib.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: samcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: dsrole.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: wkscli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: logoncli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\net1.exe |
Section loaded: samlib.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00412196 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
0_2_00412196 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00440FF0 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
0_2_00440FF0 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00425639 FindFirstFileW,FindFirstFileW,SetCurrentDirectoryW,FindClose,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose, |
0_2_00425639 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_004230D5 FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose, |
0_2_004230D5 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0041510D FindFirstFileW,DeleteFileW,CopyFileW,lstrcmpiW,DeleteFileW,MoveFileW,FindNextFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose, |
0_2_0041510D |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_0042320D FindFirstFileW,FindClose, |
0_2_0042320D |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00426292 FindFirstFileW,Sleep,FindNextFileW,FindClose, |
0_2_00426292 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00425838 FindFirstFileW,FindNextFileW,FindClose, |
0_2_00425838 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00422C4D FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime, |
0_2_00422C4D |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00414E16 GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00414E16 |
Source: C:\Users\user\Desktop\calc.exe |
Code function: 0_2_00414FFA FindFirstFileW,DeleteFileW,FindNextFileW,FindClose, |
0_2_00414FFA |