"BootDefrag.exe" has type "PE32+ executable (native) x86-64 for MS Windows" "SpyRemover.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows" Source Hybrid Analysis Technology relevance 1/10 Reads the cryptographic machine from Integrator.exe (PID: 3404) ( Show from Integrator.exe (PID: 3404) ( Show from AutoUpdate.exe (PID: 3904) ( Show from AutoUpdate.exe (PID: 3904) ( Show from AutoUpdate.exe (PID: 3904) ( Show from AutoUpdate.exe (PID: 3904) ( Show from AutoUpdate.exe (PID: 3904) ( Show from AutoUpdate.exe (PID: 3904) ( Show from AutoUpdate.exe (PID: 3904) ( Show from AutoUpdate.exe (PID: 3904) ( Show from AutoUpdate.exe (PID: 3904) ( Show from SoftwareUpdate.exe (PID: 4024) ( Show from PID at at 33747-1905-00406971 "SoftwareUpdate.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") "upgrade.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") "AutoUpdate.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") "Integrator.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") "Initialize.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") "StartupManager.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") "DiskDefrag.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") "sendinfo.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") "" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME" Key: "COMPUTERNAME") Source Hybrid Analysis Technology relevance 5/10 "iexplore.exe" wrote 4 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 776)įound more than one unique at at at at at at at at at at at at at at at at at at at at at 
at at at at at at at at at at at at at at at at at at at at at at at at at at at at at 200000140011410 "iexplore.exe" wrote 52 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 776) "iexplore.exe" wrote 32 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 776) "" wrote 4 bytes to a remote process "C:\Program Files\Glary Utilities 5\Integrator.exe" (Handle: 560) "" wrote 52 bytes to a remote process "C:\Program Files\Glary Utilities 5\Integrator.exe" (Handle: 560) "" wrote 32 bytes to a remote process "C:\Program Files\Glary Utilities 5\Integrator.exe" (Handle: 560) "" wrote 4 bytes to a remote process "C:\Program Files\Glary Utilities 5\Initialize.exe" (Handle: 452) "" wrote 52 bytes to a remote process "C:\Program Files\Glary Utilities 5\Initialize.exe" (Handle: 452) "" wrote 32 bytes to a remote process "C:\Program Files\Glary Utilities 5\Initialize.exe" (Handle: 452) "" wrote 4 bytes to a remote process "C:\Program Files\Glary Utilities 5\StartupManager.exe" (Handle: 428) "" wrote 52 bytes to a remote process "C:\Program Files\Glary Utilities 5\StartupManager.exe" (Handle: 428) "" wrote 32 bytes to a remote process "C:\Program Files\Glary Utilities 5\StartupManager.exe" (Handle: 428) "" wrote 4 bytes to a remote process "C:\Program Files\Glary Utilities 5\DiskDefrag.exe" (Handle: 452) "" wrote 52 bytes to a remote process "C:\Program Files\Glary Utilities 5\DiskDefrag.exe" (Handle: 452) "" wrote 32 bytes to a remote process "C:\Program Files\Glary Utilities 5\DiskDefrag.exe" (Handle: 452) "" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\nsfAFC0.tmp\sendinfo.exe" (Handle: 436) "" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\nsfAFC0.tmp\sendinfo.exe" (Handle: 436) "" wrote 32 bytes to a remote process "%TEMP%\nsfAFC0.tmp\sendinfo.exe" (Handle: 436)
Source: Hybrid Analysis Technology, relevance 8/10

Drops executable files to the Windows system directory
from DiskDefrag.exe (PID: 1348)