|
|
4/5
|
File System
|
Modifies content of user files
|
Ransomware
|
|
|
-
Modifies the content of multiple user files. This is an indicator for an encryption attempt.
|
|
|
4/5
|
File System
|
Deletes user files
|
Wiper
|
|
|
-
Deletes multiple user files. This is an indicator for ransomware or wiper malware.
|
|
|
4/5
|
OS
|
Modifies Windows automatic backups
|
-
|
|
|
-
Deletes Windows volume shadow copies.
|
|
|
3/5
|
Anti Analysis
|
Tries to evade debugger
|
-
|
|
|
-
Hides Thread via API "NtSetInformationThread".
|
|
|
3/5
|
Anti Analysis
|
Tries to detect application sandbox
|
-
|
|
|
-
Possibly trying to detect "Comodo Sandbox" by checking for existence of module "cmdvrt32.dll".
|
|
|
-
Possibly trying to detect "Sandboxie" by checking for existence of module "SbieDll.dll".
|
|
|
2/5
|
Anti Analysis
|
Tries to detect virtual machine
|
-
|
|
|
-
Reads out system information, commonly used to detect "VirtualBox" via registry. (Key is "HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__").
|
|
|
-
Possibly trying to detect VM via rdtsc.
|
|
|
2/5
|
Anti Analysis
|
Tries to detect debugger
|
-
|
|
|
-
Tries to detect debugger by finding window class "OLLYDBG".
|
|
|
-
Tries to detect debugger by finding window class "GBDYLLO".
|
|
|
-
Tries to detect debugger by finding window class "pediy06".
|
|
|
-
Check via API "NtQueryInformationProcess".
|
|
|
-
Check via API "IsDebuggerPresent".
|
|
|
-
Check via API "CheckRemoteDebuggerPresent".
|
|
|
2/5
|
Anti Analysis
|
Tries to detect a forensic tool
|
-
|
|
|
-
Searches for the window class "FilemonClass" that is related to a forensic tool.
|
|
|
-
Searches for the window "File Monitor - Sysinternals: www.sysinternals.com" that is related to a forensic tool.
|
|
|
-
Searches for the window class "PROCMON_WINDOW_CLASS" that is related to a forensic tool.
|
|
|
-
Searches for the window class "RegmonClass" that is related to a forensic tool.
|
|
|
-
Searches for the window "Registry Monitor - Sysinternals: www.sysinternals.com" that is related to a forensic tool.
|
|
|
-
Searches for the window class "18467-41" that is related to a forensic tool.
|
|
|
2/5
|
Anti Analysis
|
Resolves APIs dynamically to possibly evade static detection
|
-
|
|
|
-
Resolves an unusually high number of APIs.
|
|
|
2/5
|
Anti Analysis
|
Makes direct system call to possibly evade hooking based sandboxes
|
-
|
|
|
-
Makes a direct system call to "NtQueryInformationProcess".
|
|
|
2/5
|
File System
|
Known suspicious file
|
Trojan
|
|
|
-
File "C:\Users\FD1HVy\Desktop\11.exe" is a known suspicious file.
|
|
|
2/5
|
Injection
|
Writes into the memory of a process running from a created or modified executable
|
-
|
|
|
-
"c:\users\fd1hvy\desktop\11.exe" modifies memory of "c:\users\fd1hvy\desktop\11.exe".
|
|
|
2/5
|
Injection
|
Modifies control flow of a process running from a created or modified executable
|
-
|
|
|
-
"c:\users\fd1hvy\desktop\11.exe" alters context of "c:\users\fd1hvy\desktop\11.exe".
|
|
|
1/5
|
Process
|
Creates process with hidden window
|
-
|
|
|
-
The process "C:\Users\FD1HVy\Desktop\11.exe" starts with hidden window.
|
|
|
-
The process "C:\WINDOWS\system32\cmd.exe" starts with hidden window.
|
|
|
1/5
|
Process
|
Creates system object
|
-
|
|
|
-
Creates mutex with name "Global\syncronize_P4AHB8A".
|
|
|
-
Creates mutex with name "Global\syncronize_P4AHB8U".
|
|
|
1/5
|
File System
|
Modifies operating system directory
|
-
|
|
|
-
Creates file "C:\WINDOWS\System32\11.exe" in the OS directory.
|
|
|
1/5
|
Persistence
|
Installs system startup script or application
|
-
|
|
|
-
Adds "C:\WINDOWS\System32\11.exe" to Windows startup via registry.
|
|
|
-
Adds "c:\users\fd1hvy\appdata\roaming\microsoft\windows\start menu\programs\startup\11.exe" to Windows startup folder.
|
|
|
-
Adds "c:\programdata\microsoft\windows\start menu\programs\startup\11.exe" to Windows startup folder.
|
|
|
1/5
|
Masquerade
|
Changes folder appearance
|
-
|
|
|
-
Folder "c:\$recycle.bin\s-1-5-18" has a changed appearance.
|
|
|
-
Folder "c:\$recycle.bin\s-1-5-21-1051304884-625712362-2192934891-1000" has a changed appearance.
|
|
|
1/5
|
File System
|
Modifies application directory
|
-
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\en-us\join.avi".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash@2x.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11-lic.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\bin\server\xusage.txt.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_linknodrop32x32.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_movedrop32x32.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_movenodrop32x32.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_copynodrop32x32.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_linkdrop32x32.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\images\cursors\win32_copydrop32x32.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\tzdb.dat.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\readme.txt.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\thirdpartylicensereadme-javafx.txt.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\java\jre1.8.0_144\lib\jvm.hprof.txt.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\appxmanifest.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\filesystemmetadata.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\office16\ospp.vbs".
|
|
|
-
Modifies "c:\program files\microsoft office\office16\ospp.vbs.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\office16\ospp.htm.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\office16\slerror.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0015-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0016-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0018-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0019-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001a-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001b-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-0c0a-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-001f-040c-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-002c-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0027-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0054-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0057-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-006e-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0090-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00b4-0409-1000-0000000ff1ce.xml".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00a1-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00ba-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e1-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00c1-0000-1000-0000000ff1ce.xml".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-00e2-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0115-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-0117-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012b-0409-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-3101-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifestloc.en-us.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\authoredextensions.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.90160000-012a-0000-1000-0000000ff1ce.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00004_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00011_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00021_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\packagemanifests\appxmanifest.common.xml.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00038_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00040_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00037_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00052_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00057_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00090_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00092_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00103_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00129_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00120_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00126_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00139_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00135_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00130_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00154_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00142_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00157_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00158_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00160_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00163_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00161_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00165_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00167_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00171_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00169_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00172_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00174_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\ag00176_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00010_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00790_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00015_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00853_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00932_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an00965_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01039_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01060_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01084_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\an01060_.wmf".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd09664_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd10890_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19563_.gif.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bd19986_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00045_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00148_.wmf".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00148_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00234_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00248_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00262_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00045_.wmf".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00269_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bl00274_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00224_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\designer\msaddndr.olb.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs00438_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l1-2-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-localization-l1-2-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l2-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-timezone-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-xstate-l2-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-synch-l1-2-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-processthreads-l1-1-1.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-convert-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-conio-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-environment-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-heap-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-heap-l1-1-0.dll".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-math-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-locale-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-private-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-runtime-l1-1-0.dll".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-process-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-string-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-utility-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-time-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvstream32.dll".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-stdio-l1-1-0.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvstream64.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvstream32.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems32.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01636_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvscripting.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\bs01639_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvcleaner.exe.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\c2r64.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\c2rui.en-us.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\crane.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\c2r32.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\concrt140.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00117_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\i640.hash.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\mavinject32.exe.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00261_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\officec2rcom.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00419_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\clicktorun\mso40uires.dll".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\ar-sa\tipresx.dll.mui".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00437_.wmf.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\el-gr\tipresx.dll.mui".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00437_.wmf".
|
|
|
-
Modifies "c:\program files\microsoft office\root\clipart\pub60cor\dd00261_.wmf".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\office16\liclua.exe.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig.companion.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\vc\msdia90.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\vc\msdia90.dll".
|
|
|
-
Modifies "c:\program files\common files\microsoft shared\vsto\10.0\vstomessageprovider.dll.id-b4197730.[seeyoubro@tutanota.com].love".
|
|
|
-
Modifies "c:\program files\common files\system\ole db\msdaps.dll".
|
|
|
-
Modifies "c:\program files\common files\system\ole db\sqloledb.rll".
|
|
|
1/5
|
Process
|
Reads from memory of another process
|
-
|
|
|
-
"c:\windows\system32\cmd.exe" reads from "C:\WINDOWS\system32\mode.com".
|
|
|
-
"c:\windows\system32\cmd.exe" reads from "C:\WINDOWS\system32\vssadmin.exe".
|
|
|
1/5
|
File System
|
Creates an unusually large number of files
|
-
|
|
|
-
Creates an unusually large number of files.
|
|
|
1/5
|
Process
|
Overwrites code
|
-
|
|
|
-
Overwrites code to possibly hide behavior.
|
|
|
1/5
|
Static
|
Unparsable sections in file
|
-
|
|
|
-
Static analyzer was unable to completely parse the analyzed file: C:\Users\FD1HVy\Desktop\11.exe.
|
|
|
0/5
|
Process
|
Enumerates running processes
|
-
|
|
|
-
Enumerates running processes.
|
|
|
