dpesythg.exe is usually located in the 'c:\downloads\' folder.
Some of the anti-virus scanners at VirusTotal detected dpesythg.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
dpesythg.exe is not signed.
41 of the 69 anti-virus programs at VirusTotal detected the dpesythg.exe file. That's a 59% detection rate.
| Scanner | Detection Name |
|---|---|
| Acronis | suspicious |
| Ad-Aware | Trojan.GenericKD.31768463 |
| AhnLab-V3 | Malware/Win32.Generic.C2816343 |
| ALYac | Trojan.GenericKD.31768463 |
| Arcabit | Trojan.Generic.D1E4BF8F |
| Avast | Win32:Evo-gen [Susp] |
| AVG | Win32:Evo-gen [Susp] |
| BitDefender | Trojan.GenericKD.31768463 |
| CAT-QuickHeal | Trojan.Blackmoon |
| Comodo | Packed.Win32.MUPX.Gen@24tbus |
| CrowdStrike | win/malicious_confidence_60% (W) |
| Cylance | Unsafe |
| Cyren | W32/Trojan.MGYD-1795 |
| Emsisoft | Trojan.GenericKD.31768463 (B) |
| Endgame | malicious (moderate confidence) |
| ESET-NOD32 | a variant of Win32/Packed.BlackMoon.A potentially unwanted |
| Fortinet | Riskware/Application |
| GData | Win32.Trojan.Agent.WP |
| Ikarus | AdWare.Win32.BlackMoon |
| Invincea | heuristic |
| K7AntiVirus | Adware ( 005070c51 ) |
| K7GW | Adware ( 005070c51 ) |
| MAX | malware (ai score=100) |
| McAfee | RDN/Generic.dx |
| McAfee-GW-Edition | BehavesLike.Win32.SpamMailbot.kc |
| Microsoft | Trojan:Win32/Occamy.C |
| MicroWorld-eScan | Trojan.GenericKD.31768463 |
| NANO-Antivirus | Trojan.Win32.Mlw.fnxcsx |
| Paloalto | generic.ml |
| Panda | Trj/GdSda.A |
| Qihoo-360 | HEUR/QVM11.1.BBAF.Malware.Gen |
| Rising | Trojan.Azden!8.F0E3 (CLOUD) |
| SentinelOne | DFI - Malicious PE |
| Sophos | Generic PUA DN (PUA) |
| Symantec | Trojan.Gen.MBT |
| TheHacker | Posible_Worm32 |
| TotalDefense | Win32/Oflwr.A!crypt |
| Trapmine | malicious.high.ml.score |
| TrendMicro | TROJ_GEN.R061C0OCC19 |
| TrendMicro-HouseCall | TROJ_GEN.R061C0OCC19 |
| VBA32 | BScope.Trojan.Downloader |
The following information was gathered by executing the file inside Cuckoo Sandbox.
Successfully executed process in sandbox.
{
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234"
],
"dll_loaded": [
"GDI32.dll",
"SHELL32.dll",
"KERNEL32.DLL",
"WINSPOOL.DRV",
"ADVAPI32.dll",
"PSAPI.DLL",
"SHLWAPI.dll",
"USER32.dll",
"COMCTL32.dll"
],
"file_failed": [
"C:\\Windows\\IME\\unloadcur.exe",
"C:\\Windows\\InfusedAppe",
"C:\\Windows\\IME\\logagnet.exe",
"C:\\Windows\\IME\\uncsvc.exe",
"C:\\Windows\\IME\\avrtes.exe",
"C:\\Windows\\IME\\sxstruse.exe",
"C:\\Windows\\IME\\docropool.exe",
"C:\\Windows\\IME\\appveif.exe",
"C:\\Windows\\IME\\DipsAwayMode.exe",
"C:\\Windows\\IME\\esentur.exe",
"C:\\Windows\\IME\\ilodetect.exe",
"C:\\Windows\\IME\\dsauutoh.exe",
"C:\\Windows\\IME\\wlanexts.exe",
"C:\\Windows\\IME\\cttunes.exe",
"C:\\Windows\\IME\\mscteui.exe"
],
"command_line": [
"cmd \/c schtasks \/delete \/tn * \/f"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\TemporaryFile\\TemporaryFile"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\TemporaryFile"
],
"file_exists": [
"",
"C:\\Windows\\IME\\unloadcur.exe",
"C:\\Windows\\InfusedAppe",
"C:\\Windows\\IME\\logagnet.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\37a64fd0cb4b36b882cdc25820628d09055132455759ab662840149dd4145225.bin",
"C:\\Windows\\IME\\uncsvc.exe",
"C:\\Windows\\IME\\appveif.exe",
"C:\\Windows\\IME\\sxstruse.exe",
"C:\\Windows\\IME\\docropool.exe",
"C:\\Windows\\IME\\DipsAwayMode.exe",
"C:\\Windows\\IME\\avrtes.exe",
"C:\\Windows\\IME\\esentur.exe",
"C:\\Windows\\IME\\ilodetect.exe",
"C:\\Windows\\IME\\dsauutoh.exe",
"C:\\Windows\\IME\\wlanexts.exe",
"C:\\Windows\\IME\\cttunes.exe",
"C:\\Windows\\IME\\mscteui.exe"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\37a64fd0cb4b36b882cdc25820628d09055132455759ab662840149dd4145225.bin",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\....\\"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\TemporaryFile\\*"
]
}

[
{
"yara": [],
"sha1": "3df9541a2b150c47974cce3d962bfb4c5ee8a039",
"name": "37a64fd0cb4b36b8_TemporaryFile",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\TemporaryFile\\TemporaryFile",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed",
"sha256": "37a64fd0cb4b36b882cdc25820628d09055132455759ab662840149dd4145225",
"urls": [],
"crc32": "AD2A68BB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/8910\/files\/37a64fd0cb4b36b8_TemporaryFile",
"ssdeep": null,
"size": 62464,
"sha512": "e0172d181a4f005c4af193dcbd92d298b19ed377601e6f5ab389f2c9957bab26c9a30132055ce6e1b5a308f62676c97c07aa67231bbf2f93573387a91bc1daa6",
"pids": [],
"md5": "e72de968a25cd8364f01fef9da77be47"
}
]

[
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\37a64fd0cb4b36b882cdc25820628d09055132455759ab662840149dd4145225.bin",
"process_name": "37a64fd0cb4b36b882cdc25820628d09055132455759ab662840149dd4145225.bin",
"pid": 2816,
"summary": {
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234"
],
"dll_loaded": [
"GDI32.dll",
"SHELL32.dll",
"KERNEL32.DLL",
"WINSPOOL.DRV",
"ADVAPI32.dll",
"PSAPI.DLL",
"SHLWAPI.dll",
"USER32.dll",
"COMCTL32.dll"
],
"file_failed": [
"C:\\Windows\\IME\\unloadcur.exe",
"C:\\Windows\\InfusedAppe",
"C:\\Windows\\IME\\logagnet.exe",
"C:\\Windows\\IME\\uncsvc.exe",
"C:\\Windows\\IME\\avrtes.exe",
"C:\\Windows\\IME\\sxstruse.exe",
"C:\\Windows\\IME\\docropool.exe",
"C:\\Windows\\IME\\appveif.exe",
"C:\\Windows\\IME\\DipsAwayMode.exe",
"C:\\Windows\\IME\\esentur.exe",
"C:\\Windows\\IME\\ilodetect.exe",
"C:\\Windows\\IME\\dsauutoh.exe",
"C:\\Windows\\IME\\wlanexts.exe",
"C:\\Windows\\IME\\cttunes.exe",
"C:\\Windows\\IME\\mscteui.exe"
],
"command_line": [
"cmd \/c schtasks \/delete \/tn * \/f"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\TemporaryFile\\TemporaryFile"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\TemporaryFile",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\TemporaryFile"
],
"file_exists": [
"",
"C:\\Windows\\IME\\unloadcur.exe",
"C:\\Windows\\InfusedAppe",
"C:\\Windows\\IME\\logagnet.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\37a64fd0cb4b36b882cdc25820628d09055132455759ab662840149dd4145225.bin",
"C:\\Windows\\IME\\uncsvc.exe",
"C:\\Windows\\IME\\appveif.exe",
"C:\\Windows\\IME\\sxstruse.exe",
"C:\\Windows\\IME\\docropool.exe",
"C:\\Windows\\IME\\DipsAwayMode.exe",
"C:\\Windows\\IME\\avrtes.exe",
"C:\\Windows\\IME\\esentur.exe",
"C:\\Windows\\IME\\ilodetect.exe",
"C:\\Windows\\IME\\dsauutoh.exe",
"C:\\Windows\\IME\\wlanexts.exe",
"C:\\Windows\\IME\\cttunes.exe",
"C:\\Windows\\IME\\mscteui.exe"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\37a64fd0cb4b36b882cdc25820628d09055132455759ab662840149dd4145225.bin",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\....\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\....\\"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697093\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696812\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696921\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697453\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697234\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696937\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697156\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697390\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696781\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696968\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697609\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697031\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697312\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21696859\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697375\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697078\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697062\\TemporaryFile\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\21697531\\TemporaryFile\\*"
]
},
"first_seen": 1597323186.65625,
"ppid": 2016
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1597323186.34375,
"ppid": 376
}
]

[
{
"markcount": 1,
"families": [],
"description": "The executable uses a known packer",
"severity": 1,
"marks": [
{
"category": "packer",
"ioc": "UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "peid_packer"
},
{
"markcount": 1,
"families": [],
"description": "Creates a suspicious process",
"severity": 2,
"marks": [
{
"category": "cmdline",
"ioc": "cmd \/c schtasks \/delete \/tn * \/f",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "suspicious_process"
},
{
"markcount": 1,
"families": [],
"description": "Drops an executable to the user AppData folder",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\21767890\\TemporaryFile\\TemporaryFile",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "exe_appdata"
},
{
"markcount": 15,
"families": [],
"description": "Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x0000009c",
"process_identifier": 2968
},
"time": 1597323186.79625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 340
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x000000ec",
"process_identifier": 460
},
"time": 1597323186.82825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 1440
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": 0,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x000000f0",
"process_identifier": 12060
},
"time": 1597323186.82825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 1483
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x000000f4",
"process_identifier": 23807
},
"time": 1597323186.87525,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 2614
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x000000f8",
"process_identifier": 35533
},
"time": 1597323186.93725,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 3740
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x000000fc",
"process_identifier": 47260
},
"time": 1597323186.96825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 4868
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000100",
"process_identifier": 58988
},
"time": 1597323187.04625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 5992
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000104",
"process_identifier": 70725
},
"time": 1597323187.06225,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 7122
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000108",
"process_identifier": 82485
},
"time": 1597323187.09325,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 8254
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x0000010c",
"process_identifier": 94224
},
"time": 1597323187.17125,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 9384
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000110",
"process_identifier": 105925
},
"time": 1597323187.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 10511
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000114",
"process_identifier": 117665
},
"time": 1597323187.31225,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 11641
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000118",
"process_identifier": 129407
},
"time": 1597323187.39025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 12768
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x0000011c",
"process_identifier": 141151
},
"time": 1597323187.46825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 13898
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000120",
"process_identifier": 152896
},
"time": 1597323187.54625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 15025
}
],
"references": [],
"name": "injection_process_search"
},
{
"markcount": 2,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.909383624357929,
"section": {
"size_of_data": "0x0000ec00",
"virtual_address": "0x0002d000",
"entropy": 7.909383624357929,
"name": "UPX1",
"virtual_size": "0x0000f000"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.9833333333333333,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
},
{
"markcount": 2,
"families": [],
"description": "Expresses interest in specific running processes",
"severity": 2,
"marks": [
{
"category": "process",
"ioc": "conhost.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "cmd.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "process_interest"
},
{
"markcount": 11506,
"families": [],
"description": "Repeatedly searches for a not-found process, you may want to run a web browser during analysis",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "\u0002",
"snapshot_handle": "0x0000009c",
"process_identifier": 0
},
"time": 1597323186.79625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 341
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": 0,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x000000f0",
"process_identifier": 12060
},
"time": 1597323186.82825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 1483
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x000000f4",
"process_identifier": 23807
},
"time": 1597323186.87525,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 2614
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x000000f8",
"process_identifier": 35533
},
"time": 1597323186.93725,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 3740
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x000000fc",
"process_identifier": 47260
},
"time": 1597323186.96825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 4868
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000100",
"process_identifier": 58988
},
"time": 1597323187.04625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 5992
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000104",
"process_identifier": 70725
},
"time": 1597323187.06225,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 7122
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000108",
"process_identifier": 82485
},
"time": 1597323187.09325,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 8254
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x0000010c",
"process_identifier": 94224
},
"time": 1597323187.17125,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 9384
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000110",
"process_identifier": 105925
},
"time": 1597323187.25025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 10511
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000114",
"process_identifier": 117665
},
"time": 1597323187.31225,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 11641
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000118",
"process_identifier": 129407
},
"time": 1597323187.39025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 12768
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x0000011c",
"process_identifier": 141151
},
"time": 1597323187.46825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 13898
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conh\u7828(t.\f",
"snapshot_handle": "0x00000120",
"process_identifier": 152896
},
"time": 1597323187.54625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 15025
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000130",
"process_identifier": 460
},
"time": 1597323187.62525,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16232
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000140",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16348
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000144",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16389
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000148",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16430
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x0000014c",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16471
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000150",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16512
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000154",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16553
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000158",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16594
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x0000015c",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16635
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000160",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16676
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000164",
"process_identifier": 460
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16717
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000168",
"process_identifier": 460
},
"time": 1597323187.65625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16758
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x0000016c",
"process_identifier": 460
},
"time": 1597323187.65625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16799
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000170",
"process_identifier": 460
},
"time": 1597323187.65625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16840
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000174",
"process_identifier": 460
},
"time": 1597323187.65625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16881
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000178",
"process_identifier": 460
},
"time": 1597323187.65625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16922
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x0000017c",
"process_identifier": 460
},
"time": 1597323187.65625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16963
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000180",
"process_identifier": 460
},
"time": 1597323187.65625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17004
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000184",
"process_identifier": 460
},
"time": 1597323187.65625,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17045
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "conhost.exe",
"snapshot_handle": "0x00000194",
"process_identifier": 460
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17174
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001a4",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17299
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001a8",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17339
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001ac",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17379
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001b0",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17419
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001b4",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17459
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001b8",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17499
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001bc",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17539
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001c0",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17579
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001c4",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17619
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001c8",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17659
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001cc",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17699
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001d0",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17739
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001d4",
"process_identifier": 2968
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17779
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001d8",
"process_identifier": 2968
},
"time": 1597323187.73425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17819
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001dc",
"process_identifier": 2968
},
"time": 1597323187.73425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17859
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "Process32NextW",
"return_value": 0,
"arguments": {
"process_name": "cmd.exe",
"snapshot_handle": "0x000001e0",
"process_identifier": 2968
},
"time": 1597323187.73425,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17899
}
],
"references": [],
"name": "process_needed"
},
{
"markcount": 8,
"families": [],
"description": "Terminates another process",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "NtTerminateProcess",
"return_value": 0,
"arguments": {
"status_code": "0x00000000",
"process_identifier": 1700,
"process_handle": "0x00000128"
},
"time": 1597323187.60925,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16147
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtTerminateProcess",
"return_value": 0,
"arguments": {
"status_code": "0x00000000",
"process_identifier": 1700,
"process_handle": "0x00000128"
},
"time": 1597323187.60925,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16148
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "NtTerminateProcess",
"return_value": 0,
"arguments": {
"status_code": "0x00000000",
"process_identifier": 1692,
"process_handle": "0x00000138"
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16265
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtTerminateProcess",
"return_value": 0,
"arguments": {
"status_code": "0x00000000",
"process_identifier": 1692,
"process_handle": "0x00000138"
},
"time": 1597323187.64025,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 16266
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "NtTerminateProcess",
"return_value": 0,
"arguments": {
"status_code": "0x00000000",
"process_identifier": 460,
"process_handle": "0x0000018c"
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17091
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtTerminateProcess",
"return_value": 0,
"arguments": {
"status_code": "0x00000000",
"process_identifier": 460,
"process_handle": "0x0000018c"
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17092
},
{
"call": {
"category": "process",
"status": 0,
"stacktrace": [],
"last_error": 18,
"nt_status": -1073741772,
"api": "NtTerminateProcess",
"return_value": 0,
"arguments": {
"status_code": "0x00000000",
"process_identifier": 2968,
"process_handle": "0x0000019c"
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17218
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtTerminateProcess",
"return_value": 0,
"arguments": {
"status_code": "0x00000000",
"process_identifier": 2968,
"process_handle": "0x0000019c"
},
"time": 1597323187.71825,
"tid": 2420,
"flags": {}
},
"pid": 2816,
"type": "call",
"cid": 17219
}
],
"references": [],
"name": "terminates_remote_process"
},
{
"markcount": 3,
"families": [],
"description": "The executable is compressed using UPX",
"severity": 2,
"marks": [
{
"section": "UPX0",
"type": "generic",
"description": "Section name indicates UPX"
},
{
"section": "UPX1",
"type": "generic",
"description": "Section name indicates UPX"
},
{
"section": "UPX2",
"type": "generic",
"description": "Section name indicates UPX"
}
],
"references": [],
"name": "packer_upx"
},
{
"markcount": 1,
"families": [],
"description": "Uses Windows utilities for basic Windows functionality",
"severity": 2,
"marks": [
{
"category": "cmdline",
"ioc": "cmd \/c schtasks \/delete \/tn * \/f",
"type": "ioc",
"description": null
}
],
"references": [
"http:\/\/blog.jpcert.or.jp\/2016\/01\/windows-commands-abused-by-attackers.html"
],
"name": "uses_windows_utilities"
}
]
The Yara rules did not detect anything in the file.
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.079202175140381,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5226,
"time": 9.125164985656738,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7070,
"time": 3.0477499961853027,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7398,
"time": 1.0163719654083252,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7726,
"time": 3.054711103439331,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8054,
"time": 1.5195140838623047,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8382,
"time": -0.10039591789245605,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 8710,
"time": 1.5473911762237549,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28120,
"time": 1.049530029296875,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 36504,
"time": 3.1648311614990234,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "f515c73adf4b17e5239d9049c9bcbcb9512541b4a2a1aaf6177b12e363644b93",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "4392b8cb9d91cd0fbab18c35a75ee7914386f8b83026c8b2256c28e4b2e1453d",
"irc": [],
"https_ex": []
}
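A practitioner reading this report wants four things out of it: how many times the sample walked the process table (every Process32NextW mark has return_value 0 with last_error 18, ERROR_NO_MORE_FILES, which is the final failing call of one CreateToolhelp32Snapshot loop, and the snapshot handles climb by 4 each time); which processes it then killed (the status-1 NtTerminateProcess entries name PIDs 1700, 1692, 460 and 2968, of which 460 and 2968 appear in the enumeration as conhost.exe and cmd.exe); that the binary is UPX-packed and ran `cmd /c schtasks /delete /tn * /f`, which deletes every scheduled task on the host; and that the network section holds only NBNS, LLMNR, SSDP and WS-Discovery traffic to broadcast and multicast addresses, with empty dns, http and tcp lists, so no command-and-control contact was captured in this run. The Python script below is an added example, not FreeFixer page content or Cuckoo's own code; it parses a constructed, trimmed copy of these entries with the same field layout and produces that summary. It assumes the usual Cuckoo field meanings (last_error is GetLastError, nt_status is a signed 32-bit NTSTATUS, status 1 marks a completed call, and the doubled NtTerminateProcess entries are the monitor's pre- and post-call records) and that the sandbox VM sits in a /24.

```python
"""Triage of the Cuckoo-style behaviour report on this page (added example)."""
import ipaddress
import json

ERROR_NO_MORE_FILES = 18  # GetLastError after the last Process32NextW: snapshot exhausted
# Broadcast/multicast discovery a Windows VM emits on its own; not C2 traffic.
DISCOVERY_PORTS = {137: "NBNS", 138: "NetBIOS-dgm", 1900: "SSDP", 3702: "WS-Discovery", 5355: "LLMNR"}

# Constructed, trimmed copy of the entries shown above, with the same field layout.
REPORT = json.loads(r'''{
 "signatures": [
  {"name": "process_needed", "marks": [
   {"type": "call", "pid": 2816, "call": {"api": "Process32NextW", "status": 0, "return_value": 0, "last_error": 18, "nt_status": -1073741772, "arguments": {"process_name": "\u0002", "snapshot_handle": "0x0000009c", "process_identifier": 0}}},
   {"type": "call", "pid": 2816, "call": {"api": "Process32NextW", "status": 0, "return_value": 0, "last_error": 18, "nt_status": -1073741772, "arguments": {"process_name": "conh\u7828(t.\f", "snapshot_handle": "0x000000f4", "process_identifier": 23807}}},
   {"type": "call", "pid": 2816, "call": {"api": "Process32NextW", "status": 0, "return_value": 0, "last_error": 18, "nt_status": -1073741772, "arguments": {"process_name": "conhost.exe", "snapshot_handle": "0x00000130", "process_identifier": 460}}},
   {"type": "call", "pid": 2816, "call": {"api": "Process32NextW", "status": 0, "return_value": 0, "last_error": 18, "nt_status": -1073741772, "arguments": {"process_name": "cmd.exe", "snapshot_handle": "0x000001a4", "process_identifier": 2968}}}]},
  {"name": "terminates_remote_process", "marks": [
   {"type": "call", "pid": 2816, "call": {"api": "NtTerminateProcess", "status": 0, "return_value": 0, "last_error": 18, "nt_status": -1073741772, "arguments": {"status_code": "0x00000000", "process_identifier": 1700, "process_handle": "0x00000128"}}},
   {"type": "call", "pid": 2816, "call": {"api": "NtTerminateProcess", "status": 1, "return_value": 0, "arguments": {"status_code": "0x00000000", "process_identifier": 1700, "process_handle": "0x00000128"}}},
   {"type": "call", "pid": 2816, "call": {"api": "NtTerminateProcess", "status": 0, "return_value": 0, "last_error": 18, "nt_status": -1073741772, "arguments": {"status_code": "0x00000000", "process_identifier": 460, "process_handle": "0x0000018c"}}},
   {"type": "call", "pid": 2816, "call": {"api": "NtTerminateProcess", "status": 1, "return_value": 0, "arguments": {"status_code": "0x00000000", "process_identifier": 460, "process_handle": "0x0000018c"}}},
   {"type": "call", "pid": 2816, "call": {"api": "NtTerminateProcess", "status": 1, "return_value": 0, "arguments": {"status_code": "0x00000000", "process_identifier": 2968, "process_handle": "0x0000019c"}}}]},
  {"name": "packer_upx", "marks": [{"type": "generic", "section": "UPX0"}, {"type": "generic", "section": "UPX1"}]},
  {"name": "uses_windows_utilities", "marks": [{"type": "ioc", "category": "cmdline", "ioc": "cmd /c schtasks /delete /tn * /f"}]}],
 "network": {"udp": [
   {"src": "192.168.56.101", "dst": "192.168.56.255", "sport": 137, "dport": 137},
   {"src": "192.168.56.101", "dst": "224.0.0.252", "sport": 51001, "dport": 5355},
   {"src": "192.168.56.101", "dst": "239.255.255.250", "sport": 1900, "dport": 1900}]}}''')

def _marks(report, name):
    """Marks of the named signature, or [] if it did not fire."""
    return next((s["marks"] for s in report["signatures"] if s["name"] == name), [])

def ntstatus_hex(value):
    """Cuckoo's signed nt_status as the unsigned NTSTATUS analysts look up."""
    return f"0x{value & 0xFFFFFFFF:08X}"  # -1073741772 -> 0xC0000034, STATUS_OBJECT_NAME_NOT_FOUND

def process_walks(report):
    """(complete process-table walks, {pid: name} for readable entries).
    A Process32NextW mark with return_value 0 and last_error 18 is the final, failing
    call of one Toolhelp loop; its buffered process_name is whatever the last successful
    iteration left there, which is garbage for the first snapshot (pid 0)."""
    walks, seen = 0, {}
    for mark in _marks(report, "process_needed"):
        call = mark["call"]
        if call["api"] != "Process32NextW":
            continue
        if call["return_value"] == 0 and call["last_error"] == ERROR_NO_MORE_FILES:
            walks += 1
        args = call["arguments"]
        name, pid = args["process_name"], args["process_identifier"]
        if pid and name.isprintable() and name.lower().endswith(".exe"):
            seen[pid] = name
    return walks, seen

def terminated_pids(report):
    """PIDs the sample terminated, once each. The report lists every NtTerminateProcess
    twice under consecutive cids: a status-0 entry still carrying the previous call's
    last_error/nt_status, then the status-1 entry (assumed: pre- and post-call records).
    Only the completed (status 1) record counts."""
    pids = []
    for mark in _marks(report, "terminates_remote_process"):
        call = mark["call"]
        pid = call["arguments"]["process_identifier"]
        if call["api"] == "NtTerminateProcess" and call["status"] == 1 and pid not in pids:
            pids.append(pid)
    return pids

def command_lines(report):
    """(command, wipes_every_scheduled_task) for each cmdline IOC."""
    rows = []
    for mark in _marks(report, "uses_windows_utilities"):
        if mark.get("category") != "cmdline":
            continue
        t = mark["ioc"].lower().split()
        wipe = ("schtasks" in t and "/delete" in t and "/tn" in t
                and t.index("/tn") + 1 < len(t) and t[t.index("/tn") + 1] == "*")
        rows.append((mark["ioc"], wipe))
    return rows

def classify_udp(report, prefix=24):
    """(dst, dport, service, kind) per UDP flow; assumes the sandbox VM sits in a /24."""
    rows = []
    for f in report["network"]["udp"]:
        dst = ipaddress.ip_address(f["dst"])
        lan = ipaddress.ip_network(f"{f['src']}/{prefix}", strict=False)
        kind = ("multicast" if dst.is_multicast else "broadcast" if dst == lan.broadcast_address
                else "lan" if dst in lan else "external")
        rows.append((f["dst"], f["dport"], DISCOVERY_PORTS.get(f["dport"], "other"), kind))
    return rows

def triage(report):
    """One-screen summary: what was enumerated, killed, packed, executed and sent."""
    walks, seen = process_walks(report)
    return {"process_walks": walks,
            "terminated": [(p, seen.get(p, "not in enumeration")) for p in terminated_pids(report)],
            "packer_sections": [m["section"] for m in _marks(report, "packer_upx")],
            "commands": command_lines(report),
            "external_udp": [r for r in classify_udp(report) if r[3] not in ("multicast", "broadcast")]}

if __name__ == "__main__":
    print(json.dumps(triage(REPORT), indent=1))
```

Run as a script it prints the summary for the trimmed copy: 4 process walks (dozens in the full report above), terminated PIDs 1700 (not seen in the enumeration), 460 conhost.exe and 2968 cmd.exe, sections UPX0 and UPX1, the schtasks command flagged as a scheduled-task wipe, and an empty external_udp list. Point it at a full Cuckoo report.json with the same layout and the same functions apply; the name filter in process_walks is deliberately strict because the monitor logs whatever bytes the PROCESSENTRY32W buffer holds at the moment the loop ends.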

The instructions below show how to remove dpesythg.exe with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the dpesythg.exe file for removal, restart your computer and scan it again to verify that dpesythg.exe has been successfully removed. Here are the removal instructions in more detail:
| Property | Value |
|---|---|
| MD5 | e72de968a25cd8364f01fef9da77be47 |
| SHA256 | 37a64fd0cb4b36b882cdc25820628d09055132455759ab662840149dd4145225 |
These are some of the error messages that can appear related to dpesythg.exe:
dpesythg.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
dpesythg.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
dpesythg.exe has stopped working.
End Program - dpesythg.exe. This program is not responding.
dpesythg.exe is not a valid Win32 application.
dpesythg.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
To help other users, please let us know what you will do with dpesythg.exe:
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.