Source: C:\Users\user\Desktop\setup.exe |
Code function: 1_2_00406436 FindFirstFileW,FindClose, |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 1_2_00406DFC DeleteFileW,CloseHandle,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 1_2_00402E18 FindFirstFileW, |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: ping -n 1 -w 400 www.yahoo.comonlineno connection equals www.yahoo.com (Yahoo) |
Source: setup.exe.0.dr |
String found in binary or memory: http://crl.aol.com/AOL/MasterCRL.crl0 |
Source: setup.exe.0.dr |
String found in binary or memory: http://crl.aol.com/AOLMSPKI/aolCodeSign.crl0 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t |
Source: setup.exe.0.dr |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# |
Source: nsiB2D7.tmp.1.dr |
String found in binary or memory: http://dev.winamp.com/wiki/Main_Page |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exed3dx9_31.dll |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://download.nullsoft.com/redist/dx/dxwebsetup.exed3dx9_42.dll |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://download.nullsoft.com/redist/wm/wmfdist95.exe3287http://download.nullsoft.com/redist/wm/wmfdi |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://forums.winamp.comURLUpdateInfo5.66 |
Source: nsiB2D7.tmp.1.dr |
String found in binary or memory: http://lyricsplugin.com |
Source: nsiB2D7.tmp.1.dr |
String found in binary or memory: http://mp3licensing.com |
Source: setup.exe, 00000001.00000000.1750300204.0000000000408000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000001.00000002.2961693223.0000000000408000.00000002.00000001.01000000.00000006.sdmp, setup.exe.0.dr |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: http://ocsp.sectigo.com0M |
Source: setup.exe.0.dr |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: setup.exe.0.dr |
String found in binary or memory: http://ocsp.web.aol.com:80/ocsp0 |
Source: setup.exe.0.dr |
String found in binary or memory: http://pki-info.aol.com/AOLMSPKI/index.html0 |
Source: setup.exe.0.dr |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: setup.exe.0.dr |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: setup.exe.0.dr |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: setup.exe.0.dr |
String found in binary or memory: http://www.winamp.com |
Source: setup.exe, 00000001.00000000.1750690873.0000000000678000.00000002.00000001.01000000.00000006.sdmp, setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, setup.exe.0.dr, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://www.winamp.com/ |
Source: nsiB2D7.tmp.1.dr |
String found in binary or memory: http://www.winamp.com/download |
Source: nsiB2D7.tmp.1.dr |
String found in binary or memory: http://www.winamp.com/legal/cloud |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://www.winamp.com/legal/eula/pc0x3FF0x02 |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://www.winamp.com/legal/eula/pcopen |
Source: nsiB2D7.tmp.1.dr |
String found in binary or memory: http://www.winamp.com/legal/privacy |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://www.winamp.com/open |
Source: setup.exe, 00000001.00000002.2962784724.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000001.00000002.2962665921.0000000002B42000.00000004.00000020.00020000.00000000.sdmp, nsiB2D7.tmp.1.dr |
String found in binary or memory: http://www.winamp.comPublisherVersionMajorVersionMinorNoRepairNoModifyModifyPathInstallLocationDispl |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: https://curl.se/docs/alt-svc.html |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: https://curl.se/docs/hsts.html |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: https://curl.se/docs/http-cookies.html |
Source: setup.exe.0.dr |
String found in binary or memory: https://pki-info.aol.com/AOL/index.html05 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
String found in binary or memory: https://sectigo.com/CPS0 |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 1_2_0040522D GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 1_2_00404605 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 1_2_004039E3 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx, |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe "C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Process created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\Setup.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: pcacli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Section loaded: sfc_os.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: acgenral.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: samcli.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: msacm32.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: winmmbase.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: riched20.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: usp10.dll |
Source: C:\Users\user\Desktop\setup.exe |
Section loaded: msls31.dll |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe, 00000000.00000002.1752589497.0000000003710000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: War&Prod_VMware_SATA_CD0 |
Source: SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe, 00000000.00000003.1751240027.0000000000C85000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Cm |
Source: C:\Users\user\Desktop\setup.exe |
Code function: 1_2_6CEB188A CreateControl,GetProcessHeap,GetProcessHeap,HeapAlloc,GetProcessHeap,GetProcessHeap,HeapReAlloc,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,lstrcmpiW,CreateWindowExW,SetPropW,SendMessageW,SendMessageW,SendMessageW,SetWindowLongW,GetProcessHeap,RtlFreeHeap, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Code function: 0_2_013D2EAC IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe |
Code function: 0_2_0137A955 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |