Windows Analysis Report
W4gFpExSht.exe

Overview

General Information

Sample name: W4gFpExSht.exe
renamed because original name is a hash value
Original sample name: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8.exe
Analysis ID: 1526558
MD5: 57e7e2151ac4443d3a30d61d4426428a
SHA1: b2adca307d1f5d1c92cfcdac269ccf269bd8155a
SHA256: 4331d2c1d7e3b285c951be6ab77984072044cb0085e71b448d6858c421826bc8
Tags: DoubleFaceTeam, exe, user-JAMESWT_MHT

Detection

Babuk
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found ransom note / readme
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Babuk Ransomware
AI detected suspicious sample
Tries to harvest and steal browser information (history, passwords, etc)
Checks for available system drives (often done to infect USB drives)
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Babuk
Description: Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most used compiled versions, but ESX and a 32bit old PE executable were observed over time as well. It uses an Elliptic Curve Algorithm (Montgomery Algorithm) to build the encryption keys.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.babuk

AV Detection

Source: https://autodiscover.com/Autodiscover/Autodiscover.xml Virustotal: Detection: 6%
Source: W4gFpExSht.exe Virustotal: Detection: 67%
Source: W4gFpExSht.exe ReversingLabs: Detection: 60%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.7% probability
Source: W4gFpExSht.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\.ms-ad\DxxAlien_ReadMe.txt
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-PE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-PR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-PY\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-SV\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-US\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-UY\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-VE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\et-EE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\eu-ES\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fa-IR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fi-FI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-029\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-BE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CD\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CH\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CM\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-FR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-HT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-LU\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-MA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-MC\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-ML\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-RE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-SN\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\gl-ES\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\he-IL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hi-IN\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hr-BA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hr-HR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hu-HU\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hy-AM\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\id-ID\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\it-CH\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\it-IT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ka-GE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\kk-KZ\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\lt-LT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\lv-LV\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\mk-MK\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ms-BN\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ms-MY\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\nb-NO\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\nl-BE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\nl-NL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\pl-PL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\pt-BR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\pt-PT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ro-MD\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ro-RO\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ru-RU\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sk-SK\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sl-SI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sq-AL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sv-FI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sv-SE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\tr-TR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\uk-UA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\DxxAlien_ReadMe.txt Jump to behavior
Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: dbghelp.dll.daenc.0.dr
Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: dbghelp.dll.daenc.0.dr
Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: dbghelp.dll.daenc.0.dr
Source: Binary string: Unable to locate the .pdb file in this location source: dbghelp.dll.daenc.0.dr
Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: dbghelp.dll.daenc.0.dr
Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: dbghelp.dll.daenc.0.dr
Source: Binary string: .pdb.dbg source: dbghelp.dll.daenc.0.dr
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: chrome.exe.daenc.0.dr
Source: Binary string: Drive not readyThis error indicates a .pdb file relR source: dbghelp.dll.daenc.0.dr
Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: dbghelp.dll.daenc.0.dr
Source: Binary string: or you do not have access permission to the .pdb location. source: dbghelp.dll.daenc.0.dr
Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: dbghelp.dll.daenc.0.dr
Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: dbghelp.dll.daenc.0.dr
Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: dbghelp.dll.daenc.0.dr
Source: Binary string: dbghelp.pdb source: dbghelp.dll.daenc.0.dr
Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: dbghelp.dll.daenc.0.dr
Source: Binary string: d:\dbs\sh\odct\1105_210049_0\client\onedrive\Setup\Standalone\exe\obj\i386\OneDriveSetup.pdb source: wctFE34.tmp.daenc.0.dr
Source: Binary string: dbghelp.pdbGCTL source: dbghelp.dll.daenc.0.dr
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: z:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: x:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: v:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: t:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: r:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: p:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: n:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: l:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: j:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: h:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: f:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: b:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: y:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: w:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: u:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: s:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: q:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: o:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: m:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: k:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: i:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: g:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: e:
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: a:
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_00422240 GetSystemDirectoryW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,Sleep,FindNextFileW,FindClose,FindClose, 0_2_00422240
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\000003.log
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\336a045b-df12-4067-9f71-93ee2edb038d\
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\
Source: dbghelp.dll.daenc.0.dr String found in binary or memory: http://https://_bad_pdb_file.pdb
Source: W4gFpExSht.exe, 00000000.00000002.3951392901.0000000001967000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autodiscover.com/Autodiscover/Autodiscover.xml
Source: W4gFpExSht.exe, 00000000.00000002.3951392901.0000000001967000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autodiscover.com/autodiscover/autodiscover.xml
Source: W4gFpExSht.exe, 00000000.00000002.3951392901.0000000001967000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autodiscover.sg/Autodiscover/Autodiscover.xml
Source: W4gFpExSht.exe, 00000000.00000002.3951392901.0000000001967000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://autodiscover.uk/autodiscover/autodiscover.xml
Source: wctFE34.tmp.daenc.0.dr String found in binary or memory: https://dc.services.visualstudio.com/v2/track
Source: wctFE34.tmp.daenc.0.dr String found in binary or memory: https://g.live.com/1rewlive5skydrive/win81https://g.live.com/1rewlive5skydrive/win8https://g.live.co
Source: wctFE34.tmp.daenc.0.dr String found in binary or memory: https://g.live.com/odclientsettings/Enterprisehttps://g.live.com/odclientsettings/MsitFasthttps://g.
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_00421840 SHGetFolderPathA,SHGetFolderPathA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetModuleHandleW,LoadImageW,SetWindowPos,SetTimer,GetWindowLongW,LoadBitmapW,BeginPaint,CreateCompatibleDC,SelectObject,SelectObject,GetObjectW,GetClientRect,SetStretchBltMode,StretchBlt,SetTextColor,SetBkMode,SetRect,CreateFontA,SelectObject,DrawTextA,SelectObject,DeleteDC,EndPaint,GetDlgItem,GetDlgItem,ShowWindow,ShowWindow,GetDlgItem,ShowWindow,GetWindowLongW,LoadBitmapW,BeginPaint,CreateCompatibleDC,SelectObject,SelectObject,GetObjectW,GetClientRect,SetStretchBltMode,StretchBlt,SetTextColor,SetBkMode,SetRect,CreateFontA,SelectObject,DrawTextA,SelectObject,DeleteDC,EndPaint,MessageBoxW,GetDlgItemTextA,MessageBoxA,SHGetFolderPathA,EndDialog,GlobalAlloc,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,InvalidateRect,KillTimer,SHGetFolderPathA,MessageBoxW, 0_2_00421840

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\.ms-ad\DxxAlien_ReadMe.txt Dropped file: Greetings the @world.Your PC is under my control and all your files are encrypted by @Franc_DC and @whitehair_maldev. Please not to do anything. You may lose all your files unexpectedly...Just follow me...Pay COIN to here and send D.M. to above tg users then decryption key will be returned... Best wishes...BTC Address:bc1q9thrny2nfsssj43tg5mzjnthdv2n67lxg3s9lt Etherum Address:0xc7E856E21cd26AA616Fdf6F232cc42859bEf8952
Source: Yara match File source: Process Memory Space: W4gFpExSht.exe PID: 2696, type: MEMORYSTR
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_0041F2A0 0_2_0041F2A0
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_0041CC10 0_2_0041CC10
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_0040841F 0_2_0040841F
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_004140C0 0_2_004140C0
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_004080DD 0_2_004080DD
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_0041456B 0_2_0041456B
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_00418D0F 0_2_00418D0F
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_0041FDE0 0_2_0041FDE0
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_0041BA40 0_2_0041BA40
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_0040877E 0_2_0040877E
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: String function: 00420F90 appears 52 times
Source: W4gFpExSht.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal60.rans.spyw.winEXE@2/374@0/0
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Roaming\time.dat
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5304:120:WilError_03
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Temp\tmp.bmp
Source: W4gFpExSht.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\W4gFpExSht.exe File read: C:\Users\user\3D Objects\desktop.ini
Source: C:\Users\user\Desktop\W4gFpExSht.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: wctFE34.tmp.daenc.0.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: wctFE34.tmp.daenc.0.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: wctFE34.tmp.daenc.0.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: W4gFpExSht.exe Virustotal: Detection: 67%
Source: W4gFpExSht.exe ReversingLabs: Detection: 60%
Source: unknown Process created: C:\Users\user\Desktop\W4gFpExSht.exe "C:\Users\user\Desktop\W4gFpExSht.exe"
Source: C:\Users\user\Desktop\W4gFpExSht.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\W4gFpExSht.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: W4gFpExSht.exe Static file information: File size 21261312 > 1048576
Source: W4gFpExSht.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x141b200
Source: W4gFpExSht.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: dbghelp.dll.daenc.0.dr
Source: Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: dbghelp.dll.daenc.0.dr
Source: Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: dbghelp.dll.daenc.0.dr
Source: Binary string: Unable to locate the .pdb file in this location source: dbghelp.dll.daenc.0.dr
Source: Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: dbghelp.dll.daenc.0.dr
Source: Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: dbghelp.dll.daenc.0.dr
Source: Binary string: .pdb.dbg source: dbghelp.dll.daenc.0.dr
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: chrome.exe.daenc.0.dr
Source: Binary string: Drive not readyThis error indicates a .pdb file relR source: dbghelp.dll.daenc.0.dr
Source: Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: dbghelp.dll.daenc.0.dr
Source: Binary string: or you do not have access permission to the .pdb location. source: dbghelp.dll.daenc.0.dr
Source: Binary string: Downloading symbols for [%s] %ssrv*symsrv*http://https://_bad_pdb_file.pdb source: dbghelp.dll.daenc.0.dr
Source: Binary string: Signature does not matchThe module signature does not match with .pdb signature source: dbghelp.dll.daenc.0.dr
Source: Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: dbghelp.dll.daenc.0.dr
Source: Binary string: dbghelp.pdb source: dbghelp.dll.daenc.0.dr
Source: Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: dbghelp.dll.daenc.0.dr
Source: Binary string: d:\dbs\sh\odct\1105_210049_0\client\onedrive\Setup\Standalone\exe\obj\i386\OneDriveSetup.pdb source: wctFE34.tmp.daenc.0.dr
Source: Binary string: dbghelp.pdbGCTL source: dbghelp.dll.daenc.0.dr
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_00419421 push ecx; ret 0_2_00419434
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\en-ZW\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-419\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-AR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-BO\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-CL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-CO\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-CR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-DO\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-EC\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-ES\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-GT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-HN\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-MX\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-NI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-PA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-PE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-PR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-PY\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-SV\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-US\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-UY\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\es-VE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\et-EE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\eu-ES\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fa-IR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fi-FI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-029\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-BE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CD\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CH\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-CM\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-FR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-HT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-LU\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-MA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-MC\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-ML\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-RE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\fr-SN\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\gl-ES\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\he-IL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hi-IN\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hr-BA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hr-HR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hu-HU\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\hy-AM\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\id-ID\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\it-CH\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\it-IT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ka-GE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\kk-KZ\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\lt-LT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\lv-LV\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\mk-MK\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ms-BN\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ms-MY\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\nb-NO\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\nl-BE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\nl-NL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\pl-PL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\pt-BR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\pt-PT\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ro-MD\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ro-RO\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\ru-RU\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sk-SK\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sl-SI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sq-AL\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sv-FI\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\sv-SE\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\tr-TR\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\uk-UA\DxxAlien_ReadMe.txt Jump to behavior
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\input\DxxAlien_ReadMe.txt
Source: C:\Users\user\Desktop\W4gFpExSht.exe File created: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Media Player\DxxAlien_ReadMe.txt
Source: C:\Users\user\Desktop\W4gFpExSht.exe Window / User API: threadDelayed 4472
Source: C:\Users\user\Desktop\W4gFpExSht.exe Window / User API: threadDelayed 482
Source: C:\Users\user\Desktop\W4gFpExSht.exe Window / User API: threadDelayed 487
Source: C:\Users\user\Desktop\W4gFpExSht.exe Window / User API: threadDelayed 2231
Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 4644
Source: C:\Users\user\Desktop\W4gFpExSht.exe TID: 6672 Thread sleep time: -4472000s >= -30000s
Source: C:\Users\user\Desktop\W4gFpExSht.exe TID: 6672 Thread sleep time: -2231000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_00422240 GetSystemDirectoryW,wsprintfW,wsprintfW,wsprintfW,FindFirstFileW,Sleep,FindNextFileW,FindClose,FindClose, 0_2_00422240
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\000003.log
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\336a045b-df12-4067-9f71-93ee2edb038d\
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\
Source: C:\Users\user\Desktop\W4gFpExSht.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_0040DC46 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_0040DC46
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_00401C9A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00401C9A
Source: C:\Users\user\Desktop\W4gFpExSht.exe Code function: 0_2_00401617 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00401617

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\LOG
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Favicons
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\metadata
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Shortcuts
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Browser
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_3
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\LOCK
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_2
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_1
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\index
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Variations
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_0
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\First Run
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Last Version
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Top Sites
Source: C:\Users\user\Desktop\W4gFpExSht.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DIPS
No contacted IP infos