Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8449B GetFileAttributesW,FindFirstFileW,FindClose, |
0_2_00C8449B |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8C7E8 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, |
0_2_00C8C7E8 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8C75D FindFirstFileW,FindClose, |
0_2_00C8C75D |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8F021 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00C8F021 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8F17E SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, |
0_2_00C8F17E |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8F47F FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
0_2_00C8F47F |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C83833 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00C83833 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C83B56 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, |
0_2_00C83B56 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8BD48 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, |
0_2_00C8BD48 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C9407C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, |
0_2_00C9407C |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C9427A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, |
0_2_00C9427A |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8003A GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState, |
0_2_00C8003A |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00CACB26 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, |
0_2_00CACB26 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: This is a third-party compiled AutoIt script. |
0_2_00C23B4C |
Source: 01_extracted.exe |
String found in binary or memory: This is a third-party compiled AutoIt script. |
Source: 01_extracted.exe, 00000000.00000002.1763199710.0000000000CD4000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: This is a third-party compiled AutoIt script. |
Source: 01_extracted.exe, 00000000.00000002.1763199710.0000000000CD4000.00000002.00000001.01000000.00000003.sdmp |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer" |
Source: 01_extracted.exe |
String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer" |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C8A279: GetFullPathNameW,__swprintf,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle, |
0_2_00C8A279 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C78638 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, |
0_2_00C78638 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C2E800 |
0_2_00C2E800 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C2E060 |
0_2_00C2E060 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C34140 |
0_2_00C34140 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C42345 |
0_2_00C42345 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C56452 |
0_2_00C56452 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00CA0465 |
0_2_00CA0465 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C525AE |
0_2_00C525AE |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4277A |
0_2_00C4277A |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00CA08E2 |
0_2_00CA08E2 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C36841 |
0_2_00C36841 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C569C4 |
0_2_00C569C4 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C38968 |
0_2_00C38968 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C5890F |
0_2_00C5890F |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C7E928 |
0_2_00C7E928 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C88932 |
0_2_00C88932 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4CCA1 |
0_2_00C4CCA1 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C56F36 |
0_2_00C56F36 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C370FE |
0_2_00C370FE |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C33190 |
0_2_00C33190 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C21287 |
0_2_00C21287 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4F359 |
0_2_00C4F359 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C43307 |
0_2_00C43307 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C35680 |
0_2_00C35680 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C41604 |
0_2_00C41604 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C358C0 |
0_2_00C358C0 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C47813 |
0_2_00C47813 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4DAF5 |
0_2_00C4DAF5 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C41AF8 |
0_2_00C41AF8 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C59C35 |
0_2_00C59C35 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C2FE40 |
0_2_00C2FE40 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00CA7E0D |
0_2_00CA7E0D |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C41F10 |
0_2_00C41F10 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4BF26 |
0_2_00C4BF26 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: String function: 00C48A80 appears 42 times |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: String function: 00C40C63 appears 70 times |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: String function: 00C27F41 appears 35 times |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C784F3 AdjustTokenPrivileges,CloseHandle, |
0_2_00C784F3 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C78AA3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError, |
0_2_00C78AA3 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C984D0 CoInitialize,CoUninitialize,CoCreateInstance,IIDFromString,VariantInit,VariantClear, |
0_2_00C984D0 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C24FE9 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource, |
0_2_00C24FE9 |
Source: unknown |
Process created: C:\Users\user\Desktop\01_extracted.exe "C:\Users\user\Desktop\01_extracted.exe" |
Source: C:\Users\user\Desktop\01_extracted.exe |
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 652 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: wsock32.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: winmm.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: mpr.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: iphlpapi.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\01_extracted.exe |
Section loaded: wldp.dll |
Source: 01_extracted.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: 01_extracted.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: 01_extracted.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: 01_extracted.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: 01_extracted.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: 01_extracted.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: 01_extracted.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: 01_extracted.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: 01_extracted.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: 01_extracted.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: 01_extracted.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C702D4 push ecx; ret |
0_2_00C703D0 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C703D6 push ecx; ret |
0_2_00C703D8 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C703D2 push ecx; ret |
0_2_00C703D4 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C88538 push FFFFFF8Bh; iretd |
0_2_00C8853A |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4E88F push edi; ret |
0_2_00C4E891 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4E9A8 push esi; ret |
0_2_00C4E9AA |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C48AC5 push ecx; ret |
0_2_00C48AD8 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4EB83 push esi; ret |
0_2_00C4EB85 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4EC6C push edi; ret |
0_2_00C4EC6E |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C311AD push cs; ret |
0_2_00C311AE |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C311B0 push cs; ret |
0_2_00C311B6 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C31118 push cs; ret |
0_2_00C3111E |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C31120 push cs; ret |
0_2_00C311AA |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C354D4 push edx; ret |
0_2_00C354EA |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C3548B push ebx; ret |
0_2_00C354A6 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C354A7 push eax; ret |
0_2_00C354B6 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C35474 push ebx; ret |
0_2_00C3548A |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C35404 push ebx; ret |
0_2_00C35436 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C35543 push ebx; ret |
0_2_00C3554A |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C3554B push ebx; ret |
0_2_00C3554E |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C35501 push edx; ret |
0_2_00C35516 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C35518 push eax; ret |
0_2_00C35542 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C317E3 push ss; ret |
0_2_00C317EC |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C317ED push ss; ret |
0_2_00C317F0 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C317FD push ss; ret |
0_2_00C31800 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C24A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, |
0_2_00C24A35 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00CA53DF IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, |
0_2_00CA53DF |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C43307 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, |
0_2_00C43307 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\SysWOW64\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C24AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, |
0_2_00C24AFE |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.3.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.3.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.sys |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0 |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.3.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.3.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.3.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.3.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.3.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.3.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.3.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.3.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C23B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, |
0_2_00C23B4C |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C55BFC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, |
0_2_00C55BFC |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C781D4 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, |
0_2_00C781D4 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4A2D5 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00C4A2D5 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C4A2A4 SetUnhandledExceptionFilter, |
0_2_00C4A2A4 |
Source: 01_extracted.exe |
Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning |
Source: 01_extracted.exe |
Binary or memory string: Shell_TrayWnd |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C540BA __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, |
0_2_00C540BA |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.3.dr |
Binary or memory string: MsMpEng.exe |
Source: 01_extracted.exe |
Binary or memory string: WIN_81 |
Source: 01_extracted.exe |
Binary or memory string: WIN_XP |
Source: 01_extracted.exe |
Binary or memory string: WIN_XPe |
Source: 01_extracted.exe |
Binary or memory string: WIN_VISTA |
Source: 01_extracted.exe |
Binary or memory string: WIN_7 |
Source: 01_extracted.exe |
Binary or memory string: WIN_8 |
Source: 01_extracted.exe |
Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C96399 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket, |
0_2_00C96399 |
Source: C:\Users\user\Desktop\01_extracted.exe |
Code function: 0_2_00C9685D socket,WSAGetLastError,bind,WSAGetLastError,closesocket, |
0_2_00C9685D |