1.exe
Windows Exe (x86-32)
Created at 2019-07-08T08:36:00
Remarks (1/1)
(0x200000e): The overall sleep time of all monitored processes was truncated from "10 minutes" to "10 seconds" to reveal dormant functionality.
Remarks
(0x200000c): The maximum memory dump size was exceeded. Some dumps may be missing in the report.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: 1.exe
196
1
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\1.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\1.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:28, Reason: Analysis Target |
| Unmonitor | End Time: 00:04:37, Reason: Terminated by Timeout |
| Monitor Duration | 00:04:09 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa80 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DEC
0x
E64
0x
388
0x
4BC
0x
D94
0x
E38
0x
60
0x
368
0x
A84
0x
D54
0x
9FC
0x
D6C
0x
EB0
0x
E3C
0x
F0C
0x
FF8
0x
C58
0x
FD0
0x
BB4
0x
EBC
0x
3CC
0x
F70
0x
8E8
0x
D9C
0x
7A4
0x
FE4
0x
FE8
0x
3FC
0x
E5C
0x
DA4
0x
F38
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| microsoft.visualbasic.ni.dll | 0x7FF910B00000 | 0x7FF910D16FFF | Content Changed | - | 64-bit | 0x7FF910C57430, 0x7FF910B48540, ... |
|
|
|
| microsoft.visualbasic.ni.dll | 0x7FF910B00000 | 0x7FF910D16FFF | Content Changed | - | 64-bit | 0x7FF910C59C50 |
|
|
|
| buffer | 0x7FF8B32BB000 | 0x7FF8B32BBFFF | First Execution | - | 64-bit | 0x7FF8B32BB000 |
|
|
|
| microsoft.visualbasic.ni.dll | 0x7FF910B00000 | 0x7FF910D16FFF | Content Changed | - | 64-bit | 0x7FF910BFF320, 0x7FF910C18B70, ... |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90EC69AC0, 0x7FF90ED070A0 |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90EC6BAD0 |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90EC6A035 |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90ED0B180, 0x7FF90ED3E9F0, ... |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90ED086E0 |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90ED1AA40 |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E66F9E0, 0x7FF90E653A90 |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E8BCA90, 0x7FF90E8F0770, ... |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E670260, 0x7FF90E8C4520, ... |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E68B8D0 |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E66D790 |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E66EF70 |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E8E85C0 |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90EB4C960 |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E671170, 0x7FF90E67FBE0 |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90EC6CDC0 |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90EC6D000 |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90ECEE680 |
|
|
|
| system.xml.ni.dll | 0x7FF90E570000 | 0x7FF90EC18FFF | Content Changed | - | 64-bit | 0x7FF90E8BDC90 |
|
|
|
| system.configuration.ni.dll | 0x7FF90EC20000 | 0x7FF90ED66FFF | Content Changed | - | 64-bit | 0x7FF90ED0AF10 |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\desktop.ini.ExpBoot | 282 bytes |
MD5:
9e36cc3537ee9ee1e3b10fa4e761045b
SHA1: 7726f55012e1e26cc762c9982e7c6c54ca7bb303 SHA256: 4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026 SSDeep: 6:QyqRsioTA5wmHOlRaQmZWGokJqAMhAlWygDAlLwkAl2FlRaQmZWGokJISlfY:QZsiL5wmHOlDmo0qmWvclLwr2FlDmo0I |
|
|
| C:\Users\FD1HVy\Desktop\1.exe | 282.50 KB |
MD5:
92e2dbc6f65417ffb5119d848726f8d3
SHA1: 5602e640d2d5462cb7b018cacb0e76b727193dbd SHA256: 667bf4d26482bbf661465f884bc9a72bb6bc5b0c32e11f89e57c499000648852 SSDeep: 384:NnPoN10YAo6ygLPgv5ddVfsyK2eQ31LChPfid0aYoBTLZvP96ucAtDv:NnPoN10Y1kLPgJVfpoaRTLTVv |
|
|
| C:\Users\FD1HVy\Desktop\8WcJMOCyU36SQs.avi.ExpBoot | 46.49 KB |
MD5:
93620fe62535671356d037434b6d8b72
SHA1: 0388736e2ba6bf4e235591162c1ab41430b28c48 SHA256: 250abe596a87250cf6a41a9bf7dd7fd9c0481374f5511ff1bfc087bfd9b08877 SSDeep: 768:5ilRh2EkJ/pvoHty62WO9JxBfwib6fOZDHWLQ5Jwd0KA3CdtKYvoQkkIcxhVhKwP:iRh2hJ/pyty6zO9JxBfx1wLLpECnKYgC |
|
|
| C:\Users\FD1HVy\Desktop\9c2-ypcFYWLIeg3XA.ods.ExpBoot | 31.53 KB |
MD5:
4d557dc8f5230cd1a5b8e8341d2ef398
SHA1: d7855d25876b70d2b8a33347f2c97e4943356ccf SHA256: fddff64c8e26900b3f39bed3601f1ec9ad382be700e1d706d7b270f7244fcc79 SSDeep: 768:f6/PxDK96+MhKzpVrXwcgMNEDq2IUgsm5NPit9YcLfU:f6/P1K9UapdXwcgMq1Td+PiwoU |
|
|
| C:\Users\FD1HVy\Desktop\a_D9CRDPR.png.ExpBoot | 10.11 KB |
MD5:
4e0fd7b228bf47112568f41e338f572a
SHA1: 6286a6a441b9ea4caa0b0d9c659a5d1c17dc594e SHA256: 0181c6623a40454520d5ea6450de97c503517dd477cb194fab8f2cf288435ffa SSDeep: 192:IGIt2t/n98aoTT0GcpCZa5mlxc6zXoy9uEK8cApgp0mPkSs4C8wARb6G:IIt2T0GcJ8XzYSNOp0mcdqN |
|
|
| C:\Users\FD1HVy\Desktop\BA7JI3cTMRJ4h.pdf.ExpBoot | 55.29 KB |
MD5:
7f20694aaee2c7adbbf1d12506aa3bc6
SHA1: 93f159cc702ece89cbc4c26a46093cd4191feb9a SHA256: 1ed3e36c4a3470b362725d05c37c1546eb2b0e8a57776aad62b3f214e8d59780 SSDeep: 1536:s8yqJJtKfPkVLuAze9DCNUL+Ryjm15YWCHU1R:5yQdVLuAze9DCNUoyjm15YWmUT |
|
|
| C:\Users\FD1HVy\Desktop\CgrQkLIQz0lZ2.pps.ExpBoot | 88.08 KB |
MD5:
78ef6fa4e0584c67a9b4c2f1baabb33f
SHA1: 2dbe8ce740c1ff5ee252079eca3f67f9a0706b8b SHA256: 9ddfebe371d02209a6a46cf531028cf2288aa3b22eeb9195895e0b1934c62ae3 SSDeep: 1536:GTSKyKrzWLNaWOS8wLtrvgi0PhBXgDAHDB5V1JpjXSUrlBjMY2sVxTpe9znZDf2D:EP9rzWnOrw98/Xrd5Fpj5LjMY2szp0J6 |
|
|
| C:\Users\FD1HVy\Desktop\fYaDGVBil0NzBhlj3.avi.ExpBoot | 38.24 KB |
MD5:
097786e76029e230331566db7d772a1f
SHA1: 9e2335738682cc8dd4ffc07cce2d0dbe9c848754 SHA256: 88ca32f59138e8b80580f75dc3503f3724779e7db2277e7d9a0989a0b11eaec0 SSDeep: 768:2Dft75z41BMqfIiwm5LuXnV0pceCugYu+rH1qfjB+VuDROYbUtVOJCYg:2DfLz41BM6nJpTCZ3+xqfF+odOYbUrQg |
|
|
| C:\Users\FD1HVy\Desktop\h9CMoVeEQ6j2G-qWqDP.swf.ExpBoot | 51.42 KB |
MD5:
3c81a53deb349995cf1463eb2fc95067
SHA1: 5d2f0e79f4798923641bdf106ac6f26524bc559c SHA256: 025d27eab73a054d7ad71bda9a97b4f9c583ddc83f6a36bfa0c80df053dffd44 SSDeep: 1536:oU8ZAsh7fkV8OfKiIuov4hePB9i+38XfqOm:oU8+eAV8OfATQoT38vFm |
|
|
| C:\Users\FD1HVy\Desktop\hd2ec9ed2oX.mkv.ExpBoot | 16.49 KB |
MD5:
e05e1e69afb78a09ad58d589c39cf5f0
SHA1: 2eb6d9c883c06606e916f477fd1a1824d4037c43 SHA256: 7ebe07f88f57dfefa775c481fb529ea1fe1faa63263c8dc5f0485e3f30c6ff90 SSDeep: 384:cIKtq1jtTWl3cbDF2X+eNyWxgfeNfhkmECbQR1a02A1bt:XL4cbBvO/pH01ae |
|
|
| C:\Users\FD1HVy\Desktop\HozGE.jpg.ExpBoot | 56.83 KB |
MD5:
d3a6c4f1c9ce05aa9e855044ca5b8c3c
SHA1: 7a6886ef6ffc3181ed7ceecc25f4f9b6bd958d03 SHA256: d89e71ede87a54f390c6dcc379f789634a40ebdea08b8bf034b6011c361f6184 SSDeep: 768:VXc3DSCv/bx4LPneFrNBfhu2n5vngyXT+BAKkcV2kkj/9skUaAXQQgtAGf1sx0nJ:5oHv/V4utuGokxYjgQ2AG9Xg0Pr/6V6 |
|
|
| C:\Users\FD1HVy\Desktop\jTEJ6.bmp.ExpBoot | 75.78 KB |
MD5:
f9104009f523cc4cd5420229fc863dc2
SHA1: e7df602d31bbf9953add68facb7dbe1dba05e47e SHA256: f5768688ce5b649fec6ea1dad8d602cd419a67e63c513189e7cc248273449d98 SSDeep: 1536:5tLe6r7JD+jK9k4SpiV7Tb2sdygCGqpxDmoNA6MfL8jsavUHfJHXo2rYT5C:TpD+jK97NV7tdyGuxqoNFMf+vUHRXprn |
|
|
| C:\Users\FD1HVy\Desktop\ku1 KIfx.flv.ExpBoot | 24.69 KB |
MD5:
2bf18f3a4349281fcc9c1b6abe8748bc
SHA1: a312ded9763871a9858442dcab531e9c467ad8d4 SHA256: 3951aff1accf0bb7d4c6c0dbdcaeb893bfb6e3a7f141ad083e2a7266a6cf889e SSDeep: 768:1vvb5S5enM/p5FJL+IV4uFLcpYslwMZ7Ov64X:1nb5QL5v1FLcCslwMZaFX |
|
|
| C:\Users\FD1HVy\Desktop\ldaCKx67JbQ3sJHR8M.jpg.ExpBoot | 15.34 KB |
MD5:
2a380d06e8afb3f11e3b3f9babf48258
SHA1: 0b2286deaa76f8b099551fcbffb5aae1e0175dde SHA256: 5cbb3fddfd06727467f9911ffd76524853475e08cbe04f667c545d99847d9544 SSDeep: 384:bbOxiLP5zqrEfYKIrKZogUb68Y7zxmdtLO6qnI0TX:b6xO5xcrKZogAdY7zxmdA6sTX |
|
|
| C:\Users\FD1HVy\Desktop\Ld_pVH-5zRJILm7VCGGp.pptx.ExpBoot | 81.93 KB |
MD5:
a72db089ab3cf83cdc9568dea250c7d3
SHA1: a7274ad4e735d86ac31a757b505c67ada4f59972 SHA256: ed966048ba3bd036629a463eb63611985a4bc9a035b13f7f3f7302ec43295313 SSDeep: 1536:gxkMnfuY4uEJljkVzI43olTH3/p9AbK7+tMgRViCbOCcH21mHzf5U:jY2IgJkJ3SDgKyzRsCbOCc2mHzm |
|
|
| C:\Users\FD1HVy\Desktop\MIpEiKi.mp4.ExpBoot | 44.44 KB |
MD5:
e33accab0e7219067ace5c203dc5e422
SHA1: ba1b5edb138aedc6f6e6c164ec10fe6d7a9b0265 SHA256: d1a0ed56dcb0ef6b10b50be6fdf5390a919a8e41f2918756b31ccdcff26af20f SSDeep: 768:aUUKyBQ2I5zBLidx+hVW2mGRJOoTJGMvs0ZOImUeozps4jKQiB0:aayBQp5NeP+hc2RUolGwsO9eWpsR0 |
|
|
| C:\Users\FD1HVy\Desktop\mOC9xrR8kF8icKq2P.xlsx.ExpBoot | 30.73 KB |
MD5:
dd86c6625cd7598811f7ca55020607cb
SHA1: 8bd2e882631510d37a0fad4c1f298b6c8ee9534c SHA256: 92b688e5dea45d90e249b6557cbe2a9647587377a27215924bb60decde62fab6 SSDeep: 768:3d7dNkSAIy9cDJ5rSYUbpIhKq/rIjJdSrkxrIAGHp:3d7bkSzgObO/q/c1dqkVO |
|
|
| C:\Users\FD1HVy\Desktop\ovNvqgDV4bW7z0IHCgr.gif.ExpBoot | 99.17 KB |
MD5:
c53def729b19416cd155d2c812ca7367
SHA1: f995cc2bfe197e5fce4fe19447812e829e718873 SHA256: e9be7b3051d31d78dcdfbacb19d0d040d620cd501e4faa6649a9dd336eef42e0 SSDeep: 3072:UP0NDfbtkRLGHOQFOIwTdd819g1egyCcFi8Ahsted:UPU/tkRyFg09vn4UAd |
|
|
| C:\Users\FD1HVy\Desktop\O_-mk.mkv.ExpBoot | 10.17 KB |
MD5:
426cfba46edf97796fe14cb9862c9d0e
SHA1: 10a9a14c8582f102fb9a9f79d454b56f0dade526 SHA256: c6a9a5c7ae131657a7eb5a66ba3d9a0c32a9bdeb0a2641a50566b857127adfa2 SSDeep: 192:chlQ7wCz0xCHL9QbO0gT+bnlQu6twonYy6iZ4eJeTaDHJ6bt:cjQ8CoCQq0DOumnTZ4eJDDH4 |
|
|
| C:\Users\FD1HVy\Desktop\pfKpx6D8Gx7Y.avi.ExpBoot | 8.33 KB |
MD5:
2b3420174156059a495ef3400664a2fc
SHA1: ebd2c5af421a86a745bd0346f9d22f70ba551ee4 SHA256: 06d4ab5737d19da6f6e92931fd75cfa5be8b7a903c5bbfa85566210154d112f5 SSDeep: 192:KtB51YPOXKWkz+6C03hV5V16aSWaH1jpKmZbYzY1rGLC6:KLkGK+M3l6apaVFKmb+krYL |
|
|
| C:\Users\FD1HVy\Desktop\PQgDWVjAw.wav.ExpBoot | 28.82 KB |
MD5:
b0246943026170edae3633659efaa288
SHA1: e7a0dbaf611f8e6e9758be268d29267fe76da893 SHA256: 4418d8a64f87f7995d06928fb5828a92c31200165230608026facb6017613080 SSDeep: 768:Hu065OO9Y5j36K0XJrJ8Wt5lE3gS2QTudbtgyub:OZb+30XJrJ8m5s+btI |
|
|
| C:\Users\FD1HVy\Desktop\pQgp1D6KPN80schOQB.swf.ExpBoot | 55.91 KB |
MD5:
f982660dc55bbf399f87bf7eed7b0f28
SHA1: 76a20b8c8dae0954279b69f7c0d8fc9b6303ca53 SHA256: 8d79d324cf60f531d71d4b574856fd25f61b42c1da62227a2746119b4802a9f1 SSDeep: 768:7n4XegDio+bwbdze4Qd35TrzlW/ogNMT1t9wc6DsuN5yLmlBPfJLgBTGWFBDmXtc:Tw9bEnZW/ogWBticKSmltRL6UyqoH |
|
|
| C:\Users\FD1HVy\Desktop\Q1gjdR.png.ExpBoot | 29.40 KB |
MD5:
f6a0a95dce4186a87227bc3320dff9d6
SHA1: c18ef2e93e7416ee6566083eeff3c4adad52aba7 SHA256: c70f4d27738ecca9b57f294b0eb855cfbc92bf51b92d2cf88c54734dbf2b3fac SSDeep: 768:4W1oeFrSiRkWfmiwK8eBmvVIXfq5HRDb4GI4gl+VQIN12yK:4VWg+miwK8Wlv2De4glWQjyK |
|
|
| C:\Users\FD1HVy\Desktop\qe9v3LHbGI8rMK00Muf.jpg.ExpBoot | 61.68 KB |
MD5:
9de9a41f4f09a4ee55002cc614c898cb
SHA1: 04c56b6819543cf8da1af654d83e7d2f96473d2c SHA256: f02c8a1cdabf89875150eb2448fcddc9a8fad5c0220b734c2e9b4e954f6efc93 SSDeep: 1536:skKDiFT21rnvChYzb6HxlkhMP3pyxAQTdL:skyiFovC2zb6R15od |
|
|
| C:\Users\FD1HVy\Desktop\QpiwymL5YGMVm1y.mp4.ExpBoot | 94.89 KB |
MD5:
5e7c3bf338e4bf77dabf67ae2093f0ab
SHA1: 1f97cd1a4afcf3f6a7a7c46049130610dcaa7205 SHA256: 61b3548880dc2a4f1da22a8547d2be5c4b04264ea3226bda2770f2b32b654c85 SSDeep: 1536:3gFOjmVpGmzExMySyKfr31b1mV0V7DrfGPIOXnSFGU4rA98szbAW57Z7dYoIoBxa:yjGmzExJOrxyI7fudxUXiWBZRYoIka |
|
|
| C:\Users\FD1HVy\Desktop\qQ0ihNXR-CCLMyH.wav.ExpBoot | 54.50 KB |
MD5:
a5aac8c3b5e9e5552fce68264f74d1e1
SHA1: b49a3aefb8cba44df602024387b835a94e9ff23c SHA256: cea5f841dec33d22effa955f4f665cd44636c4354c223ed6f8bf91c721401e68 SSDeep: 1536:DTKm4Mnv/ukWX3Ngcq5k3RHEoUrYUJBWHaa:nv/cX956QRHEBVBWHaa |
|
|
| C:\Users\FD1HVy\Desktop\r8sTqIZeHhIQPVev_zV0.m4a.ExpBoot | 13.61 KB |
MD5:
823fe452ea2012dee79c039934d6c5a6
SHA1: b8c9bd7d61eddae4ab89377dd6c89685cd75213b SHA256: 92b3b5fcc5460db4ba12c8dcdefd7074788c53b189af5b1075f10946d4341417 SSDeep: 384:wk92U+rOF71r334XYgjhYneVI4J711Ed0vNyPHXm:Don2JaYGnN11XYPH2 |
|
|
| C:\Users\FD1HVy\Desktop\RK jZvNzjIRnj.csv.ExpBoot | 55.06 KB |
MD5:
ea1bc2ef959c09636a3e197085932b6f
SHA1: a06113008ea0f96c9f8993e36b209a8306e3787f SHA256: 22079442088a8db38689d0b74f32af3efce713cc9e8d653e84625d89a17fa09b SSDeep: 1536:kE6vaDtRJy1ogishInZOImkqAtiwzC+iB62xsk:Wv49IkkkqAcahiBFxd |
|
|
| C:\Users\FD1HVy\Desktop\SoO6_TndHwqgpH06wekk.jpg.ExpBoot | 74.96 KB |
MD5:
3e3efb720b01af5bddbc0b02fbcab629
SHA1: 19f64e133e49e63118514996d7b3a5504821f184 SHA256: e077547e7bc9aa6a13977464bc14bc4f0eab37a863ed984ac7c35d35fc87df2b SSDeep: 1536:708rKpIEnGI7rgcYBfofuOKRXvifL0fLh+RhdpqIFd9iqfmzuBIOAMjzXh:700iIYiBquOKRfiz0fLh4/1WsNAM/x |
|
|
| C:\Users\FD1HVy\Desktop\t3yb5GgQMP9vKS0.png.ExpBoot | 10.05 KB |
MD5:
e0540e1ef3a23754eac954c7080d0972
SHA1: 0831cd8a79d80e49f61f8d54c08096c1ecb3f951 SHA256: c7e4bebfc2383c4bf517a7e78bf9c7bb14e3e6580e7529e18d210011b7ab0998 SSDeep: 192:TOBPcsqeaYTIc6s5Tl0udHP27ADN0qbAwsxKjN4vQdZ0I8mmJ5RN9yPV4gZ1Vp:8PcludusiqbUxVQd2I8FJ5Rs2i/p |
|
|
| C:\Users\FD1HVy\Desktop\vJ1-MfJkhBSpSFeJ.png.ExpBoot | 5.17 KB |
MD5:
a9abab10d14175445015a12d53ebfb8e
SHA1: 2218b4a8c039b1a81a1cb77a1987474c2824a882 SHA256: d9eed67cd590c04498ff7979cd999a5575a8a5c1bd2ea3179c2e1f60d7f3cfa3 SSDeep: 96:HkSjb1Yh0zlBRVtoSx/lmbSdn2Nk/FYc5cBOq/wj5/+bWO9GiC7xH1MllzhvrbvA:H9j5YhqRXNlcSP/6IvKwAW/iCnCzhv34 |
|
|
| C:\Users\FD1HVy\Desktop\w pXgFC-sXn.ods.ExpBoot | 1.11 KB |
MD5:
3d7da634fc913683d08609f3f20b372c
SHA1: 12800a515ee6e955350a9163c9627d80f542025b SHA256: 0963b445603accd0f4092197a3d151126c26535e03b251007a97191c4c0a4c44 SSDeep: 24:93YbwGyZX2BqLbEevYVdkidtA/kh6J0qYtwEwFioJj6aWg:9FBssEdPkW4k20aiU2A |
|
|
| C:\Users\FD1HVy\Desktop\Wv Oe1C5Y_GD.mp4.ExpBoot | 79.69 KB |
MD5:
9d952dd00448b15737a23058e473535f
SHA1: 65941e79a8cb6f30a6cee8ce60819ebdfa14c080 SHA256: 811dc94e47d74e20d23c273d9f4dbf75d356ac80dd5ffc6f0988eedce7983b67 SSDeep: 1536:MqtX2FZIc5bo2t5yaPA7nIAf2b/cE9sunvDhipmdHvpNXVyZpjWU8i6vkW0zU:T6acH2asIFkEmAhKSHxNF8dAiPFzU |
|
|
| C:\Users\FD1HVy\Desktop\y0Xvagb6grIAd-.docx.ExpBoot | 11.48 KB |
MD5:
2f188393ba67e93a514dfa4148328a7b
SHA1: 61d825bb5dff50633de8656bfb7d5517eaa3da44 SHA256: 824d1cd61a258fdd64c9c1b49650e417fdcd70633e133d244cf46e80f9b75e9c SSDeep: 192:DzqO64XV4nOUtFgl5LO1leX8zGZkcVm4Tba053xQRe37YEaHOeCJ7HJZN:Dzn64Ggl5LO1wMWtLQ6+Oei7HJD |
|
|
| C:\Users\FD1HVy\Desktop\YII1PL2Um28O.m4a.ExpBoot | 59.12 KB |
MD5:
d444a13215642011e00151c2cd4683fd
SHA1: c8baeab7f2b01e980c974fc4b7e2e28fc29bb7be SHA256: de70c5721165c9e6fba9860672fcfd8c487cb6364c134e50ab7a45bd64fbaa6a SSDeep: 1536:YlcoKyeKNVlFTlVLYCS1yyN66BJ7byt+4yTytYyAK:YlcoZtTl1W1NX6ASYy5 |
|
|
| C:\Users\FD1HVy\Desktop\ZbZuSMdlE9Dn9DP.wav.ExpBoot | 94.79 KB |
MD5:
4c9aa77fe134160dfb8750d8722779a8
SHA1: 631a788f8b09649577fb787e0332c466748e0684 SHA256: 82c4790eb0a34304eddb26427d3ac6bf48d82484483c0f51e16496f651e48ecc SSDeep: 1536:wMkfuN0x9D0D3qc7x0xTktDpzusecS3wde8RDdaZgEq5eP2heQ38NJxprqm/x4Tf:wMkfgEwD3pxITktFzucS3r8R4yFheYgi |
|
|
| C:\Users\FD1HVy\Desktop\ZSkSTgdDntNRyKz bDBc.mkv.ExpBoot | 8.99 KB |
MD5:
781d287608472979831da4d765ef09f3
SHA1: 7602c21abfdd325ff5418a84dc15a03cde7bf807 SHA256: ce0da6a4bae5efbf64072f108bc1464d81c65f7fc01d6243d34193bd0c663b85 SSDeep: 192:cRz8FXPkwWK8OopHkFOpeY5HfMQ0kKZHcL+am68O+9:cRIFXPmfpHkFOpJD0kSLt9 |
|
|
| C:\Users\FD1HVy\Desktop\_gmTsQPZ.gif.ExpBoot | 74.83 KB |
MD5:
202a493dd1c212e47e95d89a22910b12
SHA1: d046d45a45dcbc710b0a3c204aed86e3f3cb2d34 SHA256: 2baefbfc849b331031519c8bb27f9871f500a30b21e99cdf4e612e110a5dc1e7 SSDeep: 1536:jSYgeaJcEXo0EOLpnxMfgPWpKhiyh7X6zpBMPPy24YQINlR:jSY0/EOlncuzh76lBMPPzNxX |
|
|
| C:\Users\FD1HVy\Desktop\k05nQEm\6FVLP4K.m4a.ExpBoot | 38.27 KB |
MD5:
e711f96b2320efb2b13cc724a0dc58d4
SHA1: 54ba375d49fa6d75dcec3e85bb0c082cc39a1cbd SHA256: 32f8487649623a304836dbdd775e00cc735c8b12d0b261420e75ee587ac05263 SSDeep: 768:4GgFrmxtayzZeszk3nZKZhd5XJWUG/5b5DxNT295dmjhfNGz5fir9:44xHJEQRd85b5l0/cjVNzr9 |
|
|
| C:\Users\FD1HVy\Desktop\k05nQEm\CrIJQ8.ppt.ExpBoot | 22.07 KB |
MD5:
13bc90115df8044fe4514dabb4c3dcbe
SHA1: fa272612925d95294c54409ab74fd0202fb061a2 SHA256: e9cd7d1203381c7bddeceac697dd52118d76b7ee8c0ce7c11d39ec511224c964 SSDeep: 384:i0dy4FYhSKW0M9I6GKH2QeKOE5+F82/0gqld7eyLDCborER6ea8Ev5+9ySQtaYt:i0g4029I6XHleKOEUWq0gqD7JLDCboIe |
|
|
| C:\Users\FD1HVy\Desktop\k05nQEm\FJtLY-_upU2gDCES.wav.ExpBoot | 46.40 KB |
MD5:
cb8b4370dcba851417f31828da7c04b3
SHA1: e12cd3f26bbbd29076a458099f537641a688888c SHA256: ee46b98695436af073a3377bd465eaa29cd15e14a0ce76064c02044c802e52b7 SSDeep: 768:obCHtCnhrHuNRpSJOQpTv8SsxdVyRC6dAHk4BoLX1wEoNEjQ+fjs9ze7hCB:oGyhrOxp6z8SsxaCFEdlwNejQ+fj0zfB |
|
|
| C:\Users\FD1HVy\Desktop\k05nQEm\JaPPbk.png.ExpBoot | 38.14 KB |
MD5:
01f5ded44dcef649c39e85b436baebba
SHA1: c293e1a6e941038b3da48216f073c94f282aaea1 SHA256: 3ac5a96680d6897f722901cdea314c47f7cb175bff6b02232197fb5591508297 SSDeep: 768:Hta08XCeB9EK2s1PYRLCOC7hQNpUltidpdposoYwyTnB8:Hta1XCesVuYRLU7i5dpdpsYvLB8 |
|
|
| C:\Users\FD1HVy\Desktop\k05nQEm\NvFYUcJ0UacKW.jpg.ExpBoot | 1.36 KB |
MD5:
048c3be0e5e8e1d3a51b779c7c8928d8
SHA1: f0e66c04c4b184b89517c4df9a5d051371756daa SHA256: 9f470de7f3fe9b4ad8fae9f6e37dceee52c0ed6aa4c321c013d1dd2cc74bf037 SSDeep: 24:2SuhbA9VxTTn/xWhJTZ8YN7EkmrtaD12ouYWwmRZ3JXnAXg8oTW1Vun:ch+3/c3E1rQ12oDmR3wFoTW14n |
|
|
| C:\Users\FD1HVy\Desktop\k05nQEm\p-9n.mp3.ExpBoot | 90.75 KB |
MD5:
1229db6ad09de9a6950406d8af62ea79
SHA1: 62fe56eadb82e7ba9f53fb62dd6dc26e873f1c0a SHA256: 342978310529b4b72e5b3db18ace41adb9bd328403522da13b42ec84b9ad4880 SSDeep: 1536:13UE229H29llsn47jH0Bs00l6DQ83DiAJxoAJdJb+dYneBl0PyCRd7eui:1kU9H2nlqBs00l6t3DXJ/JmWeP0aCvi |
|
|
| C:\Users\FD1HVy\Desktop\k05nQEm\sGT Wju3.gif.ExpBoot | 8.25 KB |
MD5:
94b27c3ca12c99ae760aa8c476cdcc60
SHA1: 86cb5f27496bdf14d6a28a7ea34e80dae59c20fd SHA256: 4f1a989265a4505c2183fa481484f16f03dc7fd58bd1a2b0941ba6faf5c055f4 SSDeep: 192:7L8F+SqrBLNcSn4nkrkvZYkvjvBXV/xkww68gocJO36IHyPMu:7L8YSaBxc5veMWRcJO4Mu |
|
|
| C:\Users\FD1HVy\Desktop\k05nQEm\Zyb FWFVcKfpD0DWhgcC.m4a.ExpBoot | 48.02 KB |
MD5:
579d7349302b9a8079438b1d5bd2c2ae
SHA1: 391b6492b408f6c323f1d105cae63ee86a5c5119 SHA256: c028300e4f27cfd71cbdddd647e6b85f6270a232c6c736f96d71668893ed9489 SSDeep: 768:HrS7YLxzYIuCCzWzoh+GpBYOtonhWy8QB8Yo5mLtJcZ0Bd9GfzZed/KOeGgOonx2:HtOqCilWBygFA8Ktz5gZOmXoiC |
|
|
Host Behavior
File (63)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config | type = file_attributes |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config | type = file_type |
|
2 | |
| Get Info | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\FD1HVy\Desktop\1.config | type = file_attributes |
|
3 | |
| Move | C:\Users\FD1HVy\Desktop\1.exe.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\1.exe |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\8WcJMOCyU36SQs.avi.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\8WcJMOCyU36SQs.avi |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\9c2-ypcFYWLIeg3XA.ods.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\9c2-ypcFYWLIeg3XA.ods |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\a_D9CRDPR.png.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\a_D9CRDPR.png |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\BA7JI3cTMRJ4h.pdf.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\BA7JI3cTMRJ4h.pdf |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\CgrQkLIQz0lZ2.pps.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\CgrQkLIQz0lZ2.pps |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\desktop.ini.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\desktop.ini |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\fYaDGVBil0NzBhlj3.avi.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\fYaDGVBil0NzBhlj3.avi |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\h9CMoVeEQ6j2G-qWqDP.swf.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\h9CMoVeEQ6j2G-qWqDP.swf |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\hd2ec9ed2oX.mkv.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\hd2ec9ed2oX.mkv |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\HozGE.jpg.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\HozGE.jpg |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\jTEJ6.bmp.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\jTEJ6.bmp |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\ku1 KIfx.flv.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\ku1 KIfx.flv |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\ldaCKx67JbQ3sJHR8M.jpg.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\ldaCKx67JbQ3sJHR8M.jpg |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\Ld_pVH-5zRJILm7VCGGp.pptx.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\Ld_pVH-5zRJILm7VCGGp.pptx |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\MIpEiKi.mp4.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\MIpEiKi.mp4 |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\mOC9xrR8kF8icKq2P.xlsx.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\mOC9xrR8kF8icKq2P.xlsx |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\ovNvqgDV4bW7z0IHCgr.gif.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\ovNvqgDV4bW7z0IHCgr.gif |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\O_-mk.mkv.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\O_-mk.mkv |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\pfKpx6D8Gx7Y.avi.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\pfKpx6D8Gx7Y.avi |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\PQgDWVjAw.wav.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\PQgDWVjAw.wav |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\pQgp1D6KPN80schOQB.swf.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\pQgp1D6KPN80schOQB.swf |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\Q1gjdR.png.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\Q1gjdR.png |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\qe9v3LHbGI8rMK00Muf.jpg.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\qe9v3LHbGI8rMK00Muf.jpg |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\QpiwymL5YGMVm1y.mp4.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\QpiwymL5YGMVm1y.mp4 |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\qQ0ihNXR-CCLMyH.wav.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\qQ0ihNXR-CCLMyH.wav |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\r8sTqIZeHhIQPVev_zV0.m4a.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\r8sTqIZeHhIQPVev_zV0.m4a |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\RK jZvNzjIRnj.csv.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\RK jZvNzjIRnj.csv |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\SoO6_TndHwqgpH06wekk.jpg.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\SoO6_TndHwqgpH06wekk.jpg |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\t3yb5GgQMP9vKS0.png.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\t3yb5GgQMP9vKS0.png |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\vJ1-MfJkhBSpSFeJ.png.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\vJ1-MfJkhBSpSFeJ.png |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\w pXgFC-sXn.ods.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\w pXgFC-sXn.ods |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\Wv Oe1C5Y_GD.mp4.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\Wv Oe1C5Y_GD.mp4 |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\y0Xvagb6grIAd-.docx.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\y0Xvagb6grIAd-.docx |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\YII1PL2Um28O.m4a.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\YII1PL2Um28O.m4a |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\ZbZuSMdlE9Dn9DP.wav.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\ZbZuSMdlE9Dn9DP.wav |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\ZSkSTgdDntNRyKz bDBc.mkv.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\ZSkSTgdDntNRyKz bDBc.mkv |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\_gmTsQPZ.gif.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\_gmTsQPZ.gif |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\k05nQEm\6FVLP4K.m4a.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\k05nQEm\6FVLP4K.m4a |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\k05nQEm\CrIJQ8.ppt.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\k05nQEm\CrIJQ8.ppt |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\k05nQEm\FJtLY-_upU2gDCES.wav.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\k05nQEm\FJtLY-_upU2gDCES.wav |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\k05nQEm\JaPPbk.png.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\k05nQEm\JaPPbk.png |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\k05nQEm\NvFYUcJ0UacKW.jpg.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\k05nQEm\NvFYUcJ0UacKW.jpg |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\k05nQEm\p-9n.mp3.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\k05nQEm\p-9n.mp3 |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\k05nQEm\sGT Wju3.gif.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\k05nQEm\sGT Wju3.gif |
|
1 | |
| Move | C:\Users\FD1HVy\Desktop\k05nQEm\Zyb FWFVcKfpD0DWhgcC.m4a.ExpBoot | source_filename = C:\Users\FD1HVy\Desktop\k05nQEm\Zyb FWFVcKfpD0DWhgcC.m4a |
|
1 | |
| Read | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config | size = 4096, size_out = 4096 |
|
6 | |
| Read | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config | size = 4096, size_out = 1459 |
|
1 | |
| Read | C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\machine.config | size = 4096, size_out = 0 |
|
1 |
Registry (20)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion | value_name = InstallationType, data = Client, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = Library, data = 0, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = Library, data = %systemroot%\system32\netfxperf.dll, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = IsMultiInstance, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = IsMultiInstance, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = First Counter, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance | value_name = First Counter, data = 2240, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = CategoryOptions, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = CategoryOptions, data = 3, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = FileMappingSize, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = FileMappingSize, data = 131072, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance | value_name = Counter Names, type = REG_BINARY |
|
2 |
Module (14)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\user32.dll | base_address = 0x7ff931730000 |
|
1 | |
| Get Handle | c:\users\fd1hvy\desktop\1.exe | base_address = 0xb40000 |
|
8 | |
| Get Address | c:\windows\system32\user32.dll | function = DefWindowProcW, address_out = 0x7ff931fe5090 |
|
1 | |
| Create Mapping | - | filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 131072 |
|
1 | |
| Create Mapping | - | filename = System Paging File, protection = PAGE_READWRITE, maximum_size = 132 |
|
1 | |
| Map | - | process_name = c:\users\fd1hvy\desktop\1.exe, desired_access = FILE_MAP_WRITE |
|
1 | |
| Map | - | process_name = c:\users\fd1hvy\desktop\1.exe, desired_access = FILE_MAP_WRITE |
|
1 |
Window (5)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.378734a, wndproc_parameter = 0 |
|
1 | |
| Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.378734a, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.2.0.0.0.378734a.0 | class_name = .NET-BroadcastEventWindow.2.0.0.0.378734a.0, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.378734a, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.378734a, wndproc_parameter = 0 |
|
1 |
System (47)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get window text | window_text = 16779440 |
|
1 | |
| Get window text | window_text = 16779296 |
|
1 | |
| Get window text | window_text = 16779600 |
|
1 | |
| Get window text | window_text = 16779200 |
|
1 | |
| Get Computer Name | result_out = NQDPDE |
|
1 | |
| Get Cursor | x_out = 63, y_out = 585 |
|
2 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Sleep | duration = 600000 milliseconds (600.000 seconds) |
|
1 | |
| Get Time | type = Ticks, time = 143109 |
|
1 | |
| Get Time | type = Ticks, time = 211562 |
|
1 | |
| Get Time | type = Ticks, time = 221187 |
|
1 | |
| Get Time | type = Ticks, time = 231171 |
|
1 | |
| Get Time | type = Ticks, time = 241250 |
|
1 | |
| Get Time | type = Ticks, time = 251296 |
|
1 | |
| Get Time | type = Ticks, time = 261218 |
|
1 | |
| Get Time | type = Ticks, time = 271171 |
|
1 | |
| Get Time | type = Ticks, time = 271593 |
|
1 | |
| Get Time | type = Ticks, time = 281218 |
|
1 | |
| Get Time | type = Ticks, time = 281250 |
|
1 | |
| Get Time | type = Ticks, time = 291281 |
|
1 | |
| Get Time | type = Ticks, time = 291296 |
|
1 | |
| Get Time | type = Ticks, time = 301265 |
|
1 | |
| Get Time | type = Ticks, time = 301281 |
|
1 | |
| Get Time | type = Ticks, time = 311359 |
|
1 | |
| Get Time | type = Ticks, time = 311390 |
|
1 | |
| Get Time | type = Ticks, time = 321250 |
|
1 | |
| Get Time | type = Ticks, time = 321312 |
|
1 | |
| Get Time | type = Ticks, time = 331187 |
|
1 | |
| Get Time | type = Ticks, time = 331328 |
|
1 | |
| Get Time | type = Ticks, time = 331609 |
|
1 | |
| Get Time | type = Ticks, time = 341234 |
|
1 | |
| Get Time | type = Ticks, time = 341281 |
|
1 | |
| Get Time | type = Ticks, time = 341406 |
|
1 | |
| Get Time | type = Ticks, time = 351390 |
|
1 | |
| Get Time | type = Ticks, time = 351421 |
|
1 | |
| Get Time | type = Ticks, time = 351453 |
|
1 | |
| Get Time | type = Ticks, time = 361406 |
|
1 | |
| Get Time | type = Ticks, time = 361421 |
|
1 | |
| Get Time | type = Ticks, time = 361437 |
|
1 | |
| Get Info | type = Operating System |
|
7 |
Mutex (23)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\.net clr networking |
|
10 | |
| Create | mutex_name = Global\.net clr networking |
|
1 | |
| Open | mutex_name = Global\.net clr networking, desired_access = MUTEX_MODIFY_STATE, SYNCHRONIZE |
|
1 | |
| Release | mutex_name = Global\.net clr networking |
|
1 | |
| Release | mutex_name = Global\.net clr networking |
|
10 |
Network Behavior
