Application was dropped or rewritten from another process
- DeepDiskCleaner.exe (PID: 964)
- DeepDiskCleaner.exe (PID: 3692)
- tabreports.exe (PID: 2412)
- tabmaintain.exe (PID: 2256)
- tabdashboard.exe (PID: 3384)
- taballtools.exe (PID: 1856)
- tabcleanup.exe (PID: 2888)
- tabcarecenter.exe (PID: 1936)
- tabprotect.exe (PID: 3396)
- taboptimize.exe (PID: 2420)
- taboneclickscanner.exe (PID: 3848)
- Integrator.exe (PID: 2400)
- ns28AF.tmp (PID: 2208)
- AusLogicsBoostSpeed11Portable.exe (PID: 992)
- AusLogicsBoostSpeed11Portable.exe (PID: 3616)
- Auslogics.BoostSpeed.v11.2.0.3.exe (PID: 3852)
- ns2BBD.tmp (PID: 2084)
- Auslogics.BoostSpeed.v11.2.0.3.exe (PID: 1812)
- Auslogics.BoostSpeed.v11.2.0.3.exe (PID: 2232)
Loads dropped or rewritten executable
- DeepDiskCleaner.exe (PID: 964)
- DeepDiskCleaner.exe (PID: 3692)
- DllHost.exe (PID: 4088)
- tabcarecenter.exe (PID: 1936)
- taballtools.exe (PID: 1856)
- Integrator.exe (PID: 2400)
- AusLogicsBoostSpeed11Portable.exe (PID: 3616)
- tabdashboard.exe (PID: 3384)
- tabreports.exe (PID: 2412)
- tabmaintain.exe (PID: 2256)
- tabprotect.exe (PID: 3396)
- taboptimize.exe (PID: 2420)
- tabcleanup.exe (PID: 2888)
- taboneclickscanner.exe (PID: 3848)
- SearchProtocolHost.exe (PID: 3468)
- Auslogics.BoostSpeed.v11.2.0.3.exe (PID: 3852)
Loads the Task Scheduler COM API
- taboptimize.exe (PID: 2420)
- tabdashboard.exe (PID: 3384)
- Integrator.exe (PID: 2400)
Actions looks like stealing of personal data
- tabprotect.exe (PID: 3396)
Reads Windows Product ID
- DeepDiskCleaner.exe (PID: 3692)
- DeepDiskCleaner.exe (PID: 964)
- tabmaintain.exe (PID: 2256)
- taboptimize.exe (PID: 2420)
- tabprotect.exe (PID: 3396)
- tabcarecenter.exe (PID: 1936)
- tabcleanup.exe (PID: 2888)
- tabreports.exe (PID: 2412)
- taballtools.exe (PID: 1856)
- taboneclickscanner.exe (PID: 3848)
- tabdashboard.exe (PID: 3384)
- Integrator.exe (PID: 2400)
Reads the BIOS version
- taboptimize.exe (PID: 2420)
- tabprotect.exe (PID: 3396)
- Integrator.exe (PID: 2400)
- tabdashboard.exe (PID: 3384)
- tabcarecenter.exe (PID: 1936)
Low-level read access rights to disk partition
- DeepDiskCleaner.exe (PID: 964)
- tabdashboard.exe (PID: 3384)
- tabcleanup.exe (PID: 2888)
- tabmaintain.exe (PID: 2256)
- taboptimize.exe (PID: 2420)
- Integrator.exe (PID: 2400)
Searches for installed software
- tabmaintain.exe (PID: 2256)
- taboptimize.exe (PID: 2420)
- DeepDiskCleaner.exe (PID: 964)
- taboneclickscanner.exe (PID: 3848)
- Integrator.exe (PID: 2400)
Creates files in the program directory
- tabprotect.exe (PID: 3396)
- tabcarecenter.exe (PID: 1936)
- taboptimize.exe (PID: 2420)
- Integrator.exe (PID: 2400)
Reads the machine GUID from the registry
- DeepDiskCleaner.exe (PID: 3692)
- tabmaintain.exe (PID: 2256)
- tabprotect.exe (PID: 3396)
- taboptimize.exe (PID: 2420)
- DeepDiskCleaner.exe (PID: 964)
- tabcarecenter.exe (PID: 1936)
- taballtools.exe (PID: 1856)
- tabcleanup.exe (PID: 2888)
- tabreports.exe (PID: 2412)
- taboneclickscanner.exe (PID: 3848)
- tabdashboard.exe (PID: 3384)
- Integrator.exe (PID: 2400)
Reads Internet Cache Settings
- Integrator.exe (PID: 2400)
Executed via COM
Executable content was dropped or overwritten
- AusLogicsBoostSpeed11Portable.exe (PID: 3616)
- Auslogics.BoostSpeed.v11.2.0.3.exe (PID: 3852)
Uses NETSH.EXE for network configuration
Creates COM task schedule object
- AusLogicsBoostSpeed11Portable.exe (PID: 3616)
Starts application with an unusual extension
- Auslogics.BoostSpeed.v11.2.0.3.exe (PID: 3852)
Reads Microsoft Office registry keys
- Integrator.exe (PID: 2400)
- taboptimize.exe (PID: 2420)
- tabmaintain.exe (PID: 2256)
- taboneclickscanner.exe (PID: 3848)
Dropped object may contain Bitcoin addresses
- Auslogics.BoostSpeed.v11.2.0.3.exe (PID: 3852)
Manual execution by user
- AusLogicsBoostSpeed11Portable.exe (PID: 3616)
- AusLogicsBoostSpeed11Portable.exe (PID: 992)
- cmd.exe (PID: 2768)
Reads the hosts file
- Auslogics.BoostSpeed.v11.2.0.3.exe (PID: 3852)