Windows Analysis Report
teracopy.exe

Privilege Escalation

Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopyService.exe
Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopy.exe
Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopy.exe
Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopyService.exe
Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\updater.exe

Compliance

Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopyService.exe
Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopy.exe
Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopy.exe
Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopyService.exe
Source: C:\Users\user\Desktop\teracopy.exe	EXE: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\updater.exe

Source: teracopy.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Directory Opus.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\License.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Portable.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Readme.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\share.html
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\sorttable.js
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Total Commander.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Whatsnew.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\XYplorer.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Context.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\TeraCopy.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\TeraCopyService.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\TeraCopy.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\updater.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit\Context.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit\TeraCopy.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit\TeraCopy.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\License.rtf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\DefaultData
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\DefaultData\PowerOff.cmd
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\af
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\af\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\af\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ar
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ar\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ar\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bg
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bg\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bg\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bn
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bn\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bn\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\cs
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\cs\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\cs\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\da
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\da\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\da\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\de
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\de\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\de\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\el
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\el\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\el\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-AR
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-AR\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-AR\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-ES
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-ES\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-ES\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fa
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fa\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fa\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fi\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fi\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fr
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fr\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fr\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\he
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\he\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\he\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hr
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hr\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hr\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hu
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hu\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hu\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\id
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\id\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\id\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\it
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\it\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\it\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ja
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ja\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ja\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ka
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ka\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ka\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ko
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ko\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ko\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\nl
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\nl\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\nl\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pl
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pl\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pl\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-BR
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-BR\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-BR\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-PT
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-PT\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-PT\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ro
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ro\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ro\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ru
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ru\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ru\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sat
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sat\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sat\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sl
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sl\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sl\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sr
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sr\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sr\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sv-SE
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sv-SE\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sv-SE\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\th
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\th\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\th\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\tr
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\tr\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\tr\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\vi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\vi\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\vi\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-CN
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-CN\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-CN\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-TW
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-TW\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-TW\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Sounds
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Sounds\Complete.wav
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Sounds\Error.wav
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ca
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ca\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ca\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-MX
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-MX\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-MX\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\et
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\et\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\et\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hi\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hi\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\lt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\lt\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\lt\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ms
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ms\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ms\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\no
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\no\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\no\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sk
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sk\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sk\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\uk
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\uk\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\uk\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Blake3.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit\Blake3.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\xxHashAVX2.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\xxHashSSE2.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\updater.ini

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}

Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\License.txt
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\Readme.txt
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\License.rtf
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\License.txt
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\Readme.txt
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\License.rtf

Source: teracopy.exe

Static PE information: certificate valid

Source: unknown	HTTPS traffic detected: 216.239.38.21:443 -> 192.168.2.16:63430 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.239.38.21:443 -> 192.168.2.16:63439 version: TLS 1.2

Source: teracopy.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Spreading

Source: C:\Users\user\Desktop\teracopy.exe	File opened: z:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: x:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: v:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: t:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: r:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: p:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: n:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: l:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: j:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: h:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: f:
Source: C:\Windows\System32\svchost.exe	File opened: d:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: b:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: y:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: w:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: u:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: s:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: q:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: o:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: m:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: k:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: i:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: g:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: e:
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: c:
Source: C:\Users\user\Desktop\teracopy.exe	File opened: a:

Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData

Networking

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: codesector.com

Source: unknown	Network traffic detected: HTTP traffic on port 63430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63439
Source: unknown	Network traffic detected: HTTP traffic on port 63439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63430

Source: unknown	HTTPS traffic detected: 216.239.38.21:443 -> 192.168.2.16:63430 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 216.239.38.21:443 -> 192.168.2.16:63439 version: TLS 1.2

System Summary

Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4a89aa.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8B6F.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8BCE.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8C0D.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8C4D.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9B42.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9C0E.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{DF5325DF-1F43-4282-85D5-1CA3353E6B13}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI9C7C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}\TeraCopySmall.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}\ext.exe
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4a89ac.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\4a89ac.msi
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIABB0.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAC6C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAC9C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAD68.tmp

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI8B6F.tmp

Source: teracopy.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: mal42.spyw.evad.winEXE@33/186@1/26

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files\TeraCopy

Source: C:\Users\user\Desktop\teracopy.exe

File created: C:\Users\user\AppData\Roaming\Code Sector

Source: C:\Program Files\TeraCopy\TeraCopy.exe	Mutant created: \Sessions\1\BaseNamedObjects\TeraCopyMutex30728
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4808:120:WilError_03

Source: C:\Users\user\Desktop\teracopy.exe

File created: C:\Users\user\AppData\Local\Temp\upd5ED1.tmp

Source: Yara match

File source: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\Context.dll, type: DROPPED

Source: teracopy.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files\TeraCopy\TeraCopyService.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files\TeraCopy\TeraCopyService.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\Desktop\teracopy.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\teracopy.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\teracopy.exe

File read: C:\Users\user\Desktop\teracopy.exe

Source: unknown	Process created: C:\Users\user\Desktop\teracopy.exe "C:\Users\user\Desktop\teracopy.exe"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 5A47AF99B05C7470AB4A5944CAABC493 C
Source: C:\Users\user\Desktop\teracopy.exe	Process created: C:\Users\user\Desktop\teracopy.exe "C:\Users\user\Desktop\teracopy.exe" /i "C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopy.x64.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\TeraCopy" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs" SECONDSEQUENCE="1" CLIENTPROCESSID="6300" CHAINERUIPROCESSID="6300Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="Required,AI64BitFiles,AI32BitFiles,LangFiles,bk3,blake2sp,blake3,exf,hash,md2,xxh64,xxh32,sha3,sha3224,sha3256,sha3384,sha3512,md4,md5,sfv,sha1,sha256,xxh,sha384,sha,xxh3,sha256sum,FileTypeAssociations" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_DETECTED_ADMIN_USER="1" AI_SETUPEXEPATH="C:\Users\user\Desktop\teracopy.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1727988756 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\user\Desktop\teracopy.exe" TARGETDIR="C:\" AI_INSTALL="1"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8F40C98428DBA722FDF12CC2E7B6A268
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\TeraCopy\TeraCopy.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\TeraCopy\32-bit\Context.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\TeraCopy\32-bit\TeraCopy.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\TeraCopy\Context.dll"
Source: unknown	Process created: C:\Program Files\TeraCopy\TeraCopyService.exe "C:\Program Files\TeraCopy\TeraCopyService.exe"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 5A47AF99B05C7470AB4A5944CAABC493 C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2EFDDBFE61B0E29FD1CF03EB96A988B5 E Global\MSI0000
Source: unknown	Process created: C:\Program Files\TeraCopy\TeraCopy.exe "C:\Program Files\TeraCopy\TeraCopy.exe"
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process created: C:\Program Files\TeraCopy\updater.exe "C:\Program Files\TeraCopy\updater.exe" /silent
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknown	Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: C:\Users\user\Desktop\teracopy.exe	Process created: C:\Users\user\Desktop\teracopy.exe "C:\Users\user\Desktop\teracopy.exe" /i "C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopy.x64.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\TeraCopy" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs" SECONDSEQUENCE="1" CLIENTPROCESSID="6300" CHAINERUIPROCESSID="6300Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="Required,AI64BitFiles,AI32BitFiles,LangFiles,bk3,blake2sp,blake3,exf,hash,md2,xxh64,xxh32,sha3,sha3224,sha3256,sha3384,sha3512,md4,md5,sfv,sha1,sha256,xxh,sha384,sha,xxh3,sha256sum,FileTypeAssociations" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_DETECTED_ADMIN_USER="1" AI_SETUPEXEPATH="C:\Users\user\Desktop\teracopy.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1727988756 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\user\Desktop\teracopy.exe" TARGETDIR="C:\" AI_INSTALL="1"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8F40C98428DBA722FDF12CC2E7B6A268
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\TeraCopy\TeraCopy.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\TeraCopy\32-bit\Context.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\TeraCopy\32-bit\TeraCopy.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\TeraCopy\Context.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2EFDDBFE61B0E29FD1CF03EB96A988B5 E Global\MSI0000
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\svchost.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process created: C:\Program Files\TeraCopy\updater.exe "C:\Program Files\TeraCopy\updater.exe" /silent
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation -p -s wcncsvc

Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: usp10.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: davhlpr.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: lpk.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msihnd.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: samcli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: riched20.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: netprofm.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: npmproxy.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: schannel.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msisip.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windows.ui.xaml.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dcomp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windows.ui.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windowmanagementapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: inputhost.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: uiamanager.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dxgi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: mrmcorer.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: d3d11.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dxcore.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windows.ui.immersive.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: d2d1.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dataexchange.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: sxs.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windows.ui.xaml.controls.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windows.globalization.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: bcp47mrm.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: directmanipulation.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: photometadatahandler.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: threadpoolwinrt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windowmanagementapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: inputhost.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.immersive.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: ninput.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: edputil.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: slc.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: sppc.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: symsrv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: cscapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: moshost.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bcd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: usp10.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msls31.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: mpr.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: davhlpr.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wininet.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: cabinet.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: lpk.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msihnd.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: secur32.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: samcli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: riched20.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: msisip.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\teracopy.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\TeraCopy\TeraCopyService.exe	Section loaded: apphelp.dll
Source: C:\Program Files\TeraCopy\TeraCopyService.exe	Section loaded: userenv.dll
Source: C:\Program Files\TeraCopy\TeraCopyService.exe	Section loaded: vssapi.dll
Source: C:\Program Files\TeraCopy\TeraCopyService.exe	Section loaded: vsstrace.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: wldp.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: profapi.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: winmm.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: blake3.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: version.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: powrprof.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: umpdc.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: sspicli.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: winsta.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: propsys.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: windows.ui.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: windowmanagementapi.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: inputhost.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: wintypes.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: wintypes.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Section loaded: windows.ui.immersive.dll

Source: C:\Users\user\Desktop\teracopy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Source: C:\Windows\System32\msiexec.exe

File written: C:\Program Files\TeraCopy\updater.ini

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Directory Opus.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\License.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Portable.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Readme.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\share.html
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\sorttable.js
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Total Commander.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Whatsnew.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\XYplorer.txt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Context.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\TeraCopy.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\TeraCopyService.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\TeraCopy.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\updater.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit\Context.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit\TeraCopy.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit\TeraCopy.exe
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\License.rtf
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\DefaultData
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\DefaultData\PowerOff.cmd
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\af
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\af\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\af\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ar
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ar\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ar\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bg
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bg\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bg\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bn
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bn\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\bn\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\cs
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\cs\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\cs\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\da
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\da\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\da\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\de
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\de\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\de\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\el
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\el\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\el\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-AR
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-AR\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-AR\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-ES
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-ES\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-ES\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fa
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fa\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fa\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fi\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fi\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fr
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fr\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\fr\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\he
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\he\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\he\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hr
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hr\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hr\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hu
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hu\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hu\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\id
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\id\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\id\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\it
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\it\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\it\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ja
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ja\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ja\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ka
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ka\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ka\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ko
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ko\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ko\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\nl
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\nl\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\nl\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pl
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pl\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pl\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-BR
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-BR\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-BR\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-PT
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-PT\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\pt-PT\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ro
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ro\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ro\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ru
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ru\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ru\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sat
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sat\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sat\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sl
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sl\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sl\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sr
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sr\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sr\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sv-SE
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sv-SE\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sv-SE\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\th
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\th\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\th\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\tr
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\tr\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\tr\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\vi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\vi\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\vi\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-CN
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-CN\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-CN\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-TW
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-TW\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\zh-TW\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Sounds
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Sounds\Complete.wav
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Sounds\Error.wav
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ca
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ca\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ca\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-MX
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-MX\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\es-MX\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\et
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\et\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\et\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hi
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hi\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\hi\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\lt
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\lt\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\lt\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ms
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ms\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\ms\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\no
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\no\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\no\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sk
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sk\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\sk\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\uk
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\uk\default.mo
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\App\Locale\uk\default.po
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\Blake3.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\32-bit\Blake3.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\xxHashAVX2.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\xxHashSSE2.dll
Source: C:\Windows\System32\msiexec.exe	Directory created: C:\Program Files\TeraCopy\updater.ini

Source: C:\Windows\System32\msiexec.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}

Source: teracopy.exe

Static PE information: certificate valid

Source: teracopy.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: teracopy.exe

Static file information: File size 12403216 > 1048576

Source: teracopy.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x27bc00

Source: teracopy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: teracopy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: teracopy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: teracopy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: teracopy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: teracopy.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: teracopy.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: teracopy.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: teracopy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: teracopy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: teracopy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: teracopy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: teracopy.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopy.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\Context.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8C4D.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\ProgramData\Caphyon\Advanced Installer\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}\teracopy3.17.exe			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\Context.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\ExternalUICleaner.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopyService.exe			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\updater.exe			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\lzmaextractor.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Local\Temp\MSI69C0.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\defaultPrograms.dll_1			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopy.exe			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopy.exe			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopyService.exe			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\xxHashSSE2.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\defaultPrograms.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\xxHashAVX2.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\Blake3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Local\Temp\shi6923.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopy.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\Blake3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Local\Temp\MSI6A9E.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAC6C.tmp			Jump to dropped file

Source: C:\Users\user\Desktop\teracopy.exe

File created: C:\ProgramData\Caphyon\Advanced Installer\{DF5325DF-1F43-4282-85D5-1CA3353E6B13}\teracopy3.17.exe

Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8C4D.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIAC6C.tmp			Jump to dropped file

Source: C:\Users\user\Desktop\teracopy.exe

File created: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\defaultPrograms.dll_1

Jump to dropped file

Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\License.txt
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\Readme.txt
Source: C:\Users\user\Desktop\teracopy.exe	File created: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\License.rtf
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\License.txt
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\Readme.txt
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files\TeraCopy\License.rtf

Boot Survival

Source: C:\Windows\System32\msiexec.exe

File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\teracopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\TeraCopy\TeraCopy.exe

Special instruction interceptor: First address: 140276BB335 instructions caused by: Self-modifying code

Source: C:\Windows\System32\svchost.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopy.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\TeraCopy\Context.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI8C4D.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\Context.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\ExternalUICleaner.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopyService.exe			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\lzmaextractor.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI69C0.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\defaultPrograms.dll_1			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopy.exe			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\xxHashSSE2.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_6300\defaultPrograms.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files\TeraCopy\xxHashAVX2.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\Blake3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi6923.tmp			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\TeraCopy.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\32-bit\Blake3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\teracopy.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI6A9E.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIAC6C.tmp			Jump to dropped file

Source: C:\Windows\System32\svchost.exe TID: 6952

Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13 FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe	File Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Users\user\Desktop\teracopy.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData\Roaming
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Program Files\TeraCopy\TeraCopy.exe	File opened: C:\Users\user\AppData

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\teracopy.exe

Process queried: DebugPort

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\TeraCopy\TeraCopy.exe

Thread register set: 1228 501

Source: C:\Users\user\Desktop\teracopy.exe	Process created: C:\Users\user\Desktop\teracopy.exe "C:\Users\user\Desktop\teracopy.exe" /i "C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\TeraCopy.x64.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\TeraCopy" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs" SECONDSEQUENCE="1" CLIENTPROCESSID="6300" CHAINERUIPROCESSID="6300Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="Required,AI64BitFiles,AI32BitFiles,LangFiles,bk3,blake2sp,blake3,exf,hash,md2,xxh64,xxh32,sha3,sha3224,sha3256,sha3384,sha3512,md4,md5,sfv,sha1,sha256,xxh,sha384,sha,xxh3,sha256sum,FileTypeAssociations" ALLUSERS="1" PRIMARYFOLDER="APPDIR" ROOTDRIVE="C:\" AI_DETECTED_ADMIN_USER="1" AI_SETUPEXEPATH="C:\Users\user\Desktop\teracopy.exe" SETUPEXEDIR="C:\Users\user\Desktop\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1727988756 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\user\Desktop\teracopy.exe" TARGETDIR="C:\" AI_INSTALL="1"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\TeraCopy\TeraCopy.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\TeraCopy\32-bit\Context.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\TeraCopy\32-bit\TeraCopy.dll"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\TeraCopy\Context.dll"
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Process created: C:\Program Files\TeraCopy\updater.exe "C:\Program Files\TeraCopy\updater.exe" /silent

Source: C:\Users\user\Desktop\teracopy.exe

Process created: C:\Users\user\Desktop\teracopy.exe "c:\users\user\desktop\teracopy.exe" /i "c:\users\user\appdata\roaming\code sector\teracopy 3.17\install\53e6b13\teracopy.x64.msi" ai_euimsi=1 appdir="c:\program files\teracopy" shortcutdir="c:\programdata\microsoft\windows\start menu\programs" secondsequence="1" clientprocessid="6300" chaineruiprocessid="6300chainer" action="install" executeaction="install" clientuilevel="0" addlocal="required,ai64bitfiles,ai32bitfiles,langfiles,bk3,blake2sp,blake3,exf,hash,md2,xxh64,xxh32,sha3,sha3224,sha3256,sha3384,sha3512,md4,md5,sfv,sha1,sha256,xxh,sha384,sha,xxh3,sha256sum,filetypeassociations" allusers="1" primaryfolder="appdir" rootdrive="c:\" ai_detected_admin_user="1" ai_setupexepath="c:\users\user\desktop\teracopy.exe" setupexedir="c:\users\user\desktop\" exe_cmd_line="/exenoupdates /forcecleanup /wintime 1727988756 " ai_setupexepath_original="c:\users\user\desktop\teracopy.exe" targetdir="c:\" ai_install="1"

Source: C:\Users\user\Desktop\teracopy.exe

Process created: C:\Users\user\Desktop\teracopy.exe "c:\users\user\desktop\teracopy.exe" /i "c:\users\user\appdata\roaming\code sector\teracopy 3.17\install\53e6b13\teracopy.x64.msi" ai_euimsi=1 appdir="c:\program files\teracopy" shortcutdir="c:\programdata\microsoft\windows\start menu\programs" secondsequence="1" clientprocessid="6300" chaineruiprocessid="6300chainer" action="install" executeaction="install" clientuilevel="0" addlocal="required,ai64bitfiles,ai32bitfiles,langfiles,bk3,blake2sp,blake3,exf,hash,md2,xxh64,xxh32,sha3,sha3224,sha3256,sha3384,sha3512,md4,md5,sfv,sha1,sha256,xxh,sha384,sha,xxh3,sha256sum,filetypeassociations" allusers="1" primaryfolder="appdir" rootdrive="c:\" ai_detected_admin_user="1" ai_setupexepath="c:\users\user\desktop\teracopy.exe" setupexedir="c:\users\user\desktop\" exe_cmd_line="/exenoupdates /forcecleanup /wintime 1727988756 " ai_setupexepath_original="c:\users\user\desktop\teracopy.exe" targetdir="c:\" ai_install="1"

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\teracopy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate

Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userbril.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C: VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C: VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C: VolumeInformation
Source: C:\Users\user\Desktop\teracopy.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\TeraCopy\TeraCopy.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\teracopy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval

Source: C:\Users\user\Desktop\teracopy.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Windows\System32\svchost.exe	WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct
Source: C:\Program Files\TeraCopy\TeraCopy.exe	WMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter : FirewallProduct

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\teracopy.exe

File opened: C:\Users\user\AppData\Roaming\Code Sector\TeraCopy 3.17\install\53E6B13\Directory Opus.txt

Source: C:\Program Files\TeraCopy\TeraCopy.exe

Directory queried: C:\Users\user\Documents