2.6
中危
DACN
0.14
FACILE
1.00
IMCLNet
0.78
MFGraph
0.00
反病毒引擎
| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | None | 20190527 | 0.3.0.5 |
| Avast | Win32:Agent-AUEF [Trj] | 20191001 | 18.4.3895.0 |
| Baidu | None | 20190318 | 1.0.0.2 |
| CrowdStrike | win/malicious_confidence_80% (D) | 20190702 | 1.0 |
| Kingsoft | None | 20191001 | 2013.8.14.323 |
| McAfee | Trojan-FESQ!921FB2981FD4 | 20191001 | 6.0.6.653 |
| Tencent | None | 20191001 | 1.0.0.1 |
静态指标
此可执行文件具有 PDB 路径
(1 个事件)
| pdb_path | D:\AnvirLab\Mining_framework.pdb |
动态指标
解析可疑的顶级域名(TLD)
(1 个事件)
| domain | s1039196-29777.pa.infobox.ru | description | 俄罗斯联邦域名 TLD | ||||||
在文件系统上创建可执行文件
(1 个事件)
| file | C:\.Trash-100\ActivateDesktop.exe |
创建隐藏或系统文件
(2 个事件)
搜索运行中的进程,可能用于识别沙箱规避、代码注入或内存转储的进程
(3 个事件)
网络通信
与未执行 DNS 查询的主机进行通信
(1 个事件)
| host | 114.114.114.114 | |||
创建已知的 CoinMiner 木马互斥体
(1 个事件)
| mutex | SamaelLovesMe |
连接到不再响应请求的 IP 地址(合法服务通常会保持运行)
(1 个事件)
| dead_host | 87.240.139.193:80 |
文件已被 VirusTotal 上 57 个反病毒引擎识别为恶意
(50 out of 57 个事件)
| ALYac | Gen:Variant.Johnnie.1060 |
| APEX | Malicious |
| AVG | Win32:Agent-AUEF [Trj] |
| Acronis | suspicious |
| Ad-Aware | Gen:Variant.Johnnie.1060 |
| AhnLab-V3 | Trojan/Win32.Agent.R111288 |
| Antiy-AVL | Trojan/Win32.Agentb |
| Arcabit | Trojan.Johnnie.D424 |
| Avast | Win32:Agent-AUEF [Trj] |
| Avira | TR/Graftor.pqifa |
| BitDefender | Gen:Variant.Johnnie.1060 |
| CAT-QuickHeal | Trojan.Mauvaise.SL1 |
| ClamAV | Win.Malware.Johnnie-6876867-0 |
| Comodo | TrojWare.Win32.Graftor.PQIF@5e7luk |
| CrowdStrike | win/malicious_confidence_80% (D) |
| Cybereason | malicious.81fd44 |
| Cylance | Unsafe |
| Cyren | W32/A-ea509234!Eldorado |
| DrWeb | Win32.HLLW.Digs.17 |
| ESET-NOD32 | a variant of Win32/CoinMiner.SO |
| Emsisoft | Gen:Variant.Johnnie.1060 (B) |
| Endgame | malicious (high confidence) |
| F-Prot | W32/A-ea509234!Eldorado |
| F-Secure | Trojan.TR/Graftor.pqifa |
| FireEye | Generic.mg.921fb2981fd44eec |
| Fortinet | W32/CoinMiner.CO!tr |
| GData | Gen:Variant.Johnnie.1060 |
| Ikarus | Trojan.Win32.Agentb |
| Invincea | heuristic |
| Jiangmin | Trojan.Generic.cbiv |
| K7AntiVirus | Trojan ( 004e39ef1 ) |
| K7GW | Trojan ( 004e39ef1 ) |
| Kaspersky | HEUR:Trojan.Win32.Generic |
| MAX | malware (ai score=85) |
| Malwarebytes | Trojan.BitCoinMiner |
| MaxSecure | Trojan.Malware.7164915.susgen |
| McAfee | Trojan-FESQ!921FB2981FD4 |
| McAfee-GW-Edition | BehavesLike.Win32.Trojan.dm |
| MicroWorld-eScan | Gen:Variant.Johnnie.1060 |
| Microsoft | Trojan:Win32/Maener.A |
| NANO-Antivirus | Trojan.Win32.Digs.eylgsq |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | HEUR/QVM10.1.427B.Malware.Gen |
| Rising | Trojan.CoinMiner!1.B551 (CLASSIC) |
| SUPERAntiSpyware | Trojan.Agent/Gen-Graftor |
| SentinelOne | DFI - Malicious PE |
| Symantec | ML.Attribute.HighConfidence |
| TACHYON | Trojan/W32.Agentb.239104.B |
| Trapmine | suspicious.low.ml.score |
| TrendMicro | Coinminer.Win32.MALXMR.SMJA |
二进制图像
288x288
224x224
192x192
160x160
128x128
96x96
64x64
32x32
运行截图
暂无运行截图
该样本运行过程中未生成截图
PE Compile Time
2014-07-14 07:56:03
PDB Path
D:\AnvirLab\Mining_framework.pdb
PE Imphash
aa700f0d34f0c276458833d9ead3ef6d
Sections
| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0002489c | 0x00024a00 | 6.601681030349275 |
| .rdata | 0x00026000 | 0x0000a036 | 0x0000a200 | 4.779485119231033 |
| .data | 0x00031000 | 0x00004300 | 0x00002000 | 4.657856009926849 |
| .rsrc | 0x00036000 | 0x000001e0 | 0x00000200 | 4.7137725829467545 |
| .reloc | 0x00037000 | 0x000093b0 | 0x00009400 | 2.287292046254401 |
Resources
| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_MANIFEST | 0x00036060 | 0x0000017d | LANG_ENGLISH | SUBLANG_ENGLISH_US | None |
Imports
Library KERNEL32.dll:
• 0x426000 FindFirstFileA
• 0x426004 FindNextFileA
• 0x426008 LeaveCriticalSection
• 0x42600c CreateDirectoryA
• 0x426010 EnterCriticalSection
• 0x426014 DeleteFileA
• 0x426018 WaitForSingleObject
• 0x42601c Sleep
• 0x426020 TerminateProcess
• 0x426024 GetLastError
• 0x426028 SetLastError
• 0x42602c ExitProcess
• 0x426030 GetTickCount
• 0x426034 InitializeCriticalSectionAndSpinCount
• 0x426038 SetFileAttributesA
• 0x42603c GetModuleFileNameA
• 0x426040 CreateMutexA
• 0x426044 DeleteCriticalSection
• 0x426048 CloseHandle
• 0x42604c CreateFileA
• 0x426050 WriteFile
• 0x426054 InterlockedDecrement
• 0x426058 GetCurrentProcess
• 0x42605c Process32First
• 0x426060 OpenProcess
• 0x426064 WideCharToMultiByte
• 0x426068 CreateProcessA
• 0x42606c Process32Next
• 0x426070 IsWow64Process
• 0x426074 CreateToolhelp32Snapshot
• 0x426078 SetEndOfFile
• 0x42607c CreateFileW
• 0x426080 SetEnvironmentVariableA
• 0x426084 LoadLibraryW
• 0x426088 OutputDebugStringW
• 0x42608c WriteConsoleW
• 0x426090 SetStdHandle
• 0x426094 ReadConsoleW
• 0x426098 LoadLibraryExW
• 0x42609c HeapReAlloc
• 0x4260a0 GetOEMCP
• 0x4260a4 IsValidCodePage
• 0x4260a8 SetFilePointer
• 0x4260ac GetACP
• 0x4260b0 FreeEnvironmentStringsW
• 0x4260b4 GetEnvironmentStringsW
• 0x4260b8 GetSystemTimeAsFileTime
• 0x4260bc GetCurrentProcessId
• 0x4260c0 QueryPerformanceCounter
• 0x4260c4 GetCurrentThreadId
• 0x4260c8 GetModuleFileNameW
• 0x4260cc HeapSize
• 0x4260d0 GetConsoleMode
• 0x4260d4 GetConsoleCP
• 0x4260d8 FlushFileBuffers
• 0x4260dc SetFilePointerEx
• 0x4260e0 ReadFile
• 0x4260e4 AreFileApisANSI
• 0x4260e8 GetModuleHandleExW
• 0x4260ec GetProcessHeap
• 0x4260f0 GetFileType
• 0x4260f4 InterlockedIncrement
• 0x4260f8 EncodePointer
• 0x4260fc DecodePointer
• 0x426100 MultiByteToWideChar
• 0x426104 GetStringTypeW
• 0x426108 lstrlenA
• 0x42610c LocalFree
• 0x426110 HeapFree
• 0x426114 CreateThread
• 0x426118 ExitThread
• 0x42611c ResumeThread
• 0x426120 IsDebuggerPresent
• 0x426124 IsProcessorFeaturePresent
• 0x426128 GetCommandLineA
• 0x42612c RaiseException
• 0x426130 RtlUnwind
• 0x426134 HeapAlloc
• 0x426138 GetCPInfo
• 0x42613c UnhandledExceptionFilter
• 0x426140 SetUnhandledExceptionFilter
• 0x426144 TlsAlloc
• 0x426148 TlsGetValue
• 0x42614c TlsSetValue
• 0x426150 TlsFree
• 0x426154 GetStartupInfoW
• 0x426158 GetModuleHandleW
• 0x42615c GetProcAddress
• 0x426160 CompareStringW
• 0x426164 LCMapStringW
• 0x426168 GetLocaleInfoW
• 0x42616c IsValidLocale
• 0x426170 GetUserDefaultLCID
• 0x426174 EnumSystemLocalesW
• 0x426178 GetStdHandle
Library USER32.dll:
• 0x426190 GetCursorPos
Library ole32.dll:
• 0x4261c4 CoSetProxyBlanket
• 0x4261c8 CoUninitialize
• 0x4261cc CoInitializeEx
• 0x4261d0 CoInitializeSecurity
• 0x4261d4 CoCreateInstance
Library WS2_32.dll:
• 0x426198 connect
• 0x42619c WSAGetLastError
• 0x4261a0 htons
• 0x4261a4 WSACleanup
• 0x4261a8 recv
• 0x4261ac send
• 0x4261b0 gethostbyname
• 0x4261b4 closesocket
• 0x4261b8 WSAStartup
• 0x4261bc socket
L!This program cannot be run in DOS mode.
n`=`Zn`=`n`
n`Rich
`.rdata
@.data
@.reloc
UjhjNB
fF F$F(F,F0E
UjhKOB
PLSVW`
Y_^[]UA
;u[_^]
;u[_^]
Au+_QR/
Au+_QR.
D$ SVW`
3PD$8d
@u+PRL$ ,.
Y_^[L$ 3,
~0_^Y_F0
]UjhOB
4EPEqB
qpD0HB
^UjhQB
ESVWPEd
Qj SX4
$(0,48@<D@C
$(0,48@<D@C
ltpx|@C
Y_^[M3~
}L08ut
uQL08j
WP($pB
A0)0A
YUjhxPB
D$(SVW`
3PD$@d
D$ D$
CD$ L$4D$0
>PD$4L$$
CL$$T$$
PRD$(PD$%PD$(PCHPW
j|$4L$ t$
sPD$$V
e|$0 s7Vj
Y_^[L$(3
FPt8t3~@
_^Ujh8QB
D$0SVW`
3PD$Hd
L$<\$8T$ t-
CD$(t$8
\$8L$<D$$PD$
L$$D$ I@P
C|$4D$$P
|$,Pt$<
Ct$<VGHPR
CD$(t$8
9D$$D$
CL$(+Pj
Y_^[L$03Q
UVNPt;U
^3^UVu
UjhZMB
AD1NFV@
AD1NCFV@
;s)QWQ
UjhpOB
3UjhHPB
A A$A,Q
Q A,A0QP@C
D$ SVW`
3PD$8d
L$,D$(
PD$,|$
PVCHPR
t^2\CE
Y_^[L$ 3
F ~@F$F,N
^UjhNB
PQSVW`
F ~4F$F,N
]u/WM'{
Y_^[]UjhLB
Y_^[]Ujh
P8SVW`
]tb9 u^j
Y_^[]+IX+I+IH+I+I+IUjh[RB
EVWPEd
p@u(<<@
Y_^M3+~
ESVWPEd
RPW,<u(,,@
Y_^[M3{
]UjhQB
P$SVW`
@$;Euwus
Y_^[]U
@t5Ht7Ht`
^3[]_^
^3[]UjhRB
PQMV0EE@
uV@Uu(@
Y_^[]UL
ESVWPh
YM_^3[+s
WWEPME
WEEj Pf
GuEPS+
++VEPS]
SP\$"\$#$
Au+Q$x
3&L$<$
ED$@D$HD$DD$LD$PD$XD$TD$\D$`D$hD$dD$l@C
u#D$,L$,@
D$<4rB
t'T$H$
D$tL$x
L$<t$pD$<qB
Au+Q$X
]UjhRB
P(SVW`
Qq8MuQP$}
UjhpTB
D$@SVW`
3PD$Xd
D$8D$`
@t/Wt$
CD$$Pt$ D$$RPt$(y
PQSt$@E
Y_^[L$@3
PD$ j@P
PD$,Pu
0_^[3_
PD$ j@Pv
PD$,Pu
PD$$j@P
PD$0Pu
4_^[3^
PD$$j@Pu
PD$0Pu
D$!+D$"
D$,PD$8jlPos
PVt$,t$<t$,D$PPu
D$!+D$"
D$,PD$8jlP>q
PVt$,t$<t$,D$PPu
PD$$Pu
0_^[3.Y
UjhpSB
D$`SVW`
3PD$xd
] D$<t$ L$,t
D$(PJP
t$0L$HD$@D$\
CD$@PD$0
L$4D$0D$
t$8E$P
]t$8}$Vu,
8QL$L<
Vu(@PL$L)
CD$@VW
+;s"t$0+j
\$ D$P{$
CD$\Pq
D$D1Pu
CD$DPu
D$D1Pu
03&|$T
CD$DPu
CD$@+Q
D$,RPW
\$`QSWE
Y_^[L$`31T
_^]Ujh0TB
D$HSVW`
3PD$`d
M D$$t$
D$lL$$
WL$0D$D
PQL$ R
tL~HL$
+;s"t$
CL$DQE
D$<2Pu
CD$,Pu
D$<1Pu
03&|$<
CD$,Pu
CD$(+Q
D$$RPS
t$HQVSE
Y_^[L$H3
M t W0
Au+_QR^]
Au+_QR^]
3QRM^]
Au+_QR+^]
;s#QWVU
^UjhLB
]u/WMC
Y_^[]UjhLB
]u/WMB
Y_^[]Ujh
P8SVW`
]tb9 u^j
Y_^[]UjhSB
P8SVW`
tu9 uqj
Y_^[]UjhSB
P8SVW`
Gu+GWVA
E3h +C
EfEEEEfEEf
PMEhh/C
uij@PP
3fEPPj
u M^3[D
t2_^[M3C
3fxPPj
2_^M3>
3fxPPj
D$ED$M
j0D$\j
Bu+RT$,
D$(PD$Lj@PgQ
D$Hh(B
D$Lj@P
D$Hh8B
D$Lj@P P
SVWj.fD$df
D$ID$Q
Bu+j@hHAC
Bu+j@h
uFV5H`B
_^[33d7
Au+Qp/C
D$(3h +C
D$-fD$1D$3D$4D$=fD$AD$Cf
BuD$0+j
PL$(t$x
QT$4$l
"UjhTB
VEj@PE
V|j@PfE
|j@PSE
HEPSEG
_^2[M3/
u!QWRP
];sQRPWsJ
Ej@PiD
_^2[M3.
_^[M3})
M_^32[R(
_^[M3&
M_^32[&
ESVWh`B
+PVEj@P@
tGj UB
2_^[M30$
]SQWQ8B
]UjhHUB
P(SVW`
Qq8MuQP(}
P(SVW`
Qq8MuQP
Ujh{UB
Ujh{UB
VW7tKF
@u+@PF
@u+V@PW'0
2_^[M3Y
@u+V@PWw.
M_^3[{
]UjhUB
EPuMQE%qu'@
B;vFMu
+;ru]u
3$<7u3
E@HDLPXT\`hdl@C
4EPEqB
Y_^[]UjhUB
+j Q,}E
RPMQ,Kl<
F;vB;Ur3E,@
@HDLPXT\`hdl@C
(EPEqB
Y_^[]Ujh(VB
P,SVW`
Y_^[]hhB
j0VRPQPM
Y_^[]U(
Ej Pj W)
]Ujh`VB
u+FV^;
PN,B^]UE
YY]Uj !
k]3]U=/C
Y^]VWj
EPMEpB
Fu<DqB
_^]U]UUu
[_^V5`1C
<_^USVu
ESVWPEd
euE2P0
Y_^[M3
EPE`tB
@uqV}w
on0v00f
on0v00f
on0v00f
DDDDDDDDDDDDDD
@uoVNm
}VOYU}
}VxYUVu
_^]UVu
3^]USVu
t9W>+~
tWPVAYYE
PYt G}
4VAYYE
@uqVYh
UQSV5`B
;r>PS9
3_^[Uu
uVY}VrV
j"35X>C
X_^]UQQM
+;r=M(E
}VYUVW}
t9V.VD{
EPMEpB
WSV=7C
H^[_3^[_
:t3^[_
}V@YUj@u
]UV3PPPPPPPPU
$s ^UU
Y_^[]V
pXPTY
QATBTAXBXA
YY]WVt$
on0v00f
on0v00f
on0v00f
DDDDDDDDDDDDDD
tAt2t$
Y__^[]QPd5
3PuEEd
3PeuEEd
^]UQSE
k 3@[U
E[UQQE
WMux5U
1^[UQSE
UQQSVWd5
u3@]3]U
SVWE3PPPuu
E_^[E]UVu
woSW7C
3^]j hB
VSSEPB
SSSSSrF
HhM3}EPWSWWEP
WWWWWV
3PPPPP
|3_@^UE
tr8csmujx
EP?YYE
>csmuH~
u,Vu$6u
WPe_]UE
8csmu9x
]3]U<E
>csmu+~
YYuD}9
EPEPuu WM
u*EUMH
u$u uuuWu
SV,UEMA
u1u$u uWu
=u$jWu
^UQQW}
t1?MOCt)?RCCt!u$u Su
u SlMU
;F|c;F
u$Nu Qj
M;r^[_UQQSVu
;>|_^[u
Ht Hu4j
8RCCt!8MOCt
8csmu*`
E$Pu u
R 3@_^[]UVu
t3@_^]UVu
_[A^]j
}VsYk]
E`pU=?C
YY]U=?C
YY]U=?C
3YY]U}
3_[]3PPPPPR2
~18]t,}
~E8]t@M
Ft&u'u u
3M^3[UQQ`
E$39E(j
3t@WVuSu
t!3PP9E u
e_^[M3U
Mu(Eu$u u
PaY]UVW3j
_^]USVW=6C
PYu%t!V
u_^[]UVW3u
YYu,9E
u_^]UVW3u
t'@-rA
u2t&:a
]]%DaB
3@]UQV5p
^VWh~B
;s`Myt
Et%Map
Map_[U=?C
tJ2t#2t
rE8]tu
u{SSVuj
QSVuu$j
3PPWuj
3t5QVWuj
EVYSEYe_^[M3&UE
BuI+H]U
Mu$Eu u
MapUV3
^]USVW3
_^[]UBC
SVWt[=
@x<PYx1
3_^[]3PPPPP
jA[jZZ+U
_+[^]UE
8csmu(=vB
2?E_^[]
ffffffE
YM3_UE
3PPPPP
[_^]UE
1E3PeuEEEEd
Y__^[]QjdhXB
]j@j _WYY
Y8Y4@M
} j@W*YY
Y8Y4@MFu
}Genuu_}ineIuV}nteluM3@3
^u;5BC
YUQS3V9]
3C3PPju
Y3@^[UQEPh
YYuPVWh
;r=XBC
r^]UVu
tt5\BC
YYhPbB
VWSg3Y9{
QUQQVu
3W@D<,9U
YtDD4+
43QQ@8j
$QPEP0
G,84;E
(PSHP0
(PSHP0,
r3VVhU
QH++PPVh
Q$D+<;
Duct$j
?V@Y60
+,^[M3_oUW}
uQWYt0WYt$VWW
Yu =(8C
@Y<v5hb8C
lSSSSSoU
3QRpfo
SsYM_^3[
xAPSQR'
uN3VVu
u7LsY7k
kVVVVVUE
xy;5lBC
H5UVW}
3_^]U5d>C
3@]3]UE
t7x#Mx
B:t6t:t't
B^_[USV5`B
P_^[]USVu
t_FxtX9
YYvx{m
Pl3lYYE
uVlY_^[]UVu
SW=T`B
Q_[^]j
Npt"~l
t4V0;t(W8Yt
v,jY~4
v4jY~<
v<jY~@
v@jY~D
vDjY~H
vHjY~\pB
WijYEW
~lt#WY;=L
PYYV^]V
YYt3V5
VBiY3W
~pjCXf
Flvl2YE
YYt-V5
Y]};=BC
4WhYYBC
PWhYYG
uMj8AY
YUQQS3!UVu
<at-<rt"<wt
7u-B*u B
_^[SVWT$
URPQQhtA
t;T$4t
;v.4v\
UVWS33333[_^]
33333USVWj
_^[]Ul$
u';v#-U
Map_^[U=?C
S^`F`y
r]UQV5
W3}bWWWWjPWW
YYEtOj
WPj63WW
t.EWP[
Map_^UE
8csmu%x
Y3UQQ=dBC
EPEPSSV[
?sEMs=
;r6R Yt)EPEP
FA>\t>"u3
GV]{FY
t>V({>=YX
t@VSPc
VY%|5C
3Y[_^5
3PPPPP<UE
M3ME3M3;u
;r_^VWB
;r_^UQW
3tuVf9
uSPPP+PFVWPP
Yt*3PPuSVWPP
3[^_VW39=dBC
t/t%"u
VW_^]M
3]SjUu
3PPPPPUVW}
_^]VVVVV!UQSVW}
j.Yf;u-F
j.Yf;tyPVj@W:
@sh_tcPVj@
f;uCPVj
u#j,Xf;
W3PPPPP
_^[SSSSSUVu
PY_^]U
3M_^3[J
f>Cu/f9F
s,V,-x
}YYuw0P(WPt
PP@PPPu
@PVW 3I
SSSSSs 3f
{3PPPPP
US3V9]
|_^[]SSSSS
vlW)YYe
u3vlhL
VEE =LB
^_[S`N
*NYG43
3QQQQQ
4<YYDu
C<4F3f9
PjUHPh
3Dt@0Pp
YYt%PVWg
fW'YM_^3[BRb3PPPPP U
@,PjUHPh
3M_^3[PB
@8H (H$0
Yt5D;
+WPESj
SgY&VVVSj
Map[_^U
0:@t,;v!}
jP^3fLGM
Map_^[Uj
URVSQSWVp
URVSQjWVp
EMQMVqtURj
E@GE;|E
fu0MQVVVjWVp
M_^3[i:UQVu
Et.t.t
E@t5;v'}
VS$3Y9C
_^M3[86j
MapUS]
AJu_^[]U
;rM_^3[)2j
whu;5(
Eph33Su
Q9YEXhS
OuV<Y3_M^3[-U
EPQEPEj
Map[UVu
^0T^]W+
Ju3_uf
=yj"UQ`
39E WWu
e_^[M3+U
Mmu Eu
K4Y3MS0u
[_^]UVu
KuZ^5?C
Y+t"+t
+t^+uH
uAGdEGd
u wdVUY
8_]UQQM
3GW3Au
EmIuEt
@tJ=p!C
et_EtZfu
]U,SVWj0Xu
kj"_8i
uy3;uu;t
]u'j0XF
EfyfxW
v6j0F[
Wj0XPVh
PjdSQh
ap_^[Uj
MSWu ]]
hj"_8
-jd[;|
Map_[WWWWW
^VMQMQp
Map^[U,`
[SMQMQp
^M_3[;
[SMQMQp
^M_3[>
uVJ:0t
P|iYxu
Fu^8Et
3@]3]UW}
^VVVVV
(r^U=?C
tSVWjA_jZ+[
_^+[]j
uBjAYjZ+Z
ft:f;t3
t*f u!f t
ZmZ,$Z
B(;r3_^[]Ujh@B
1E3PEd
Y_^[]UE
WjY3}Mu;u
^VVYEu
'E;s(j
Xf9Etj
C+j@j
t7=(8C
u:=(8C
P;YYt@}
~';_t|%39E
;_tr.~
Map_6Uj
^0Wv_^]
1Lj"UU
^0u^]SW
ft%Ou +
3jPfTAX3f
sKj"U$`
u7NE9=x@C
;tO95@C
tGP5@C
MEt/t+
3M_^3[*UQQ`
t VV9u
e_^[M3RU
@uhVesY
It?ht2lt
PYYt8P
HHtVHHt
Kitdnt%o
PVP5!C
t=RPWQ309~
u?9t7PEPx
u(#QPV>
_^]UVu
PWj?/E
M71E39
Map^_[
;j"^0dqUj
PzYFH;
PhYFL;
PVY^]U
3VWM]M9
PjPWEj
$PjQWEj
*PjTWEj
+PjUWEj
,PjVWEj
P-PjWWEj
.PjRWEj
/PjSWEj
HPjPWEj
PLPjQWEj
SaSEPEP
u"<;uF
sxYYECx
3_^[UVu
PqYF0;
P_YF4;
PMY^]U
3VW]E9
3FjPVu3YYE
<0|o<9
YYECx{|
3_^[<;uF
F4aUVu
6v v$v(v,v0v4v
v8v<@v@vDvHvLvPvTvXxv\pv`hvd`vhXvlPvpHvt@vx8v|0@
^]USVW}
CSC.YYu
VAV|YY
3_^[]UQQSVu
Pj1SEj
Qj2SEj
Pj3SEj
Pj4SEj
Pj5SEj
Pj6SEj
PvWj7S
G Pj*SEj
G$Pj+SEj
G(Pj,SEj
G,Pj-SEj
G0Pj.SEj
G4Pj/SEj
Pj0SEj
G8PjDSEj
G<PjESEj
G@PjFSEj
GDPjGSEj
GHPjHSEj
GLPjISEj
GPPjJSEj
GTPjKSEj
GXPjLSEj
G\PjMSEj
G`PjNSEj
GdPjOSEj
GhPj8SEj
GlPj9SEj
GpPj:SEj
GtPj;SEj
GxPj<SEj
G|Pj=SEj
Pj>SEj
Pj?SEj
PjASEj
PjBSEj
PjCSEj
Pj(SEj
Pj)SEj
Pj SEj
Pj SEj
Pj1SEj
Pj2SEj
Pj3SEj
Pj4SEj
Pj5SEj
Pj6SEj
Pj7SEj
Pj*SEj
Pj+SEj
Pj,SEj
Pj-SEj
Pj.SEj
Pj/SEj
Pj0SEj
PjDSEj
PjESEj
PjFSEj
PjGSEj
PjHSEj
PjISEj
PjJSEj
PjKSEj
PjLSEj
PjMSEj
PjNSEj
Pj8SEj
Pj9SEj
Pj:SEj
Pj;SEj
Pj<SEj
Pj=SEj
Pj>SEj
Pj?SEj
Pj@SEj
PjASEj
PjBSEj
PjCSEj
Pj(SEj
Pj)SEj
Pj SEj
Pj SEj
6$YUQe
uI ^Uj
Map^Uj
FufEf;q
MapUSVWUj
P(RP$R
t:|$,t
;t$,v-4v
UQPXY]Y[
Vt\j=S
YYutI;tE=
YYtPSS%Y
3`3PPPPP4JUVu
uVPRQ"
ESP{A u
Map_^[3UU
3A]UQM
S3VWf9
u_+^[UE
VWft*}
fu3_^[]U
jUPRBYY
~*PP&#@PPPP
M3^3PPPPP7GUVu
|P3YYu*K
V9!@PVP
3@[|P3&YYu<K
V_ @PVP
t3 Y;C
Yu33 YY;txx3WWWWW)DU
YYu"Ws @PWP
3PPPPPxCUVu
VYYt@hB
VYYu&j
u^]%`B
EPjYVb=
@M3^9UVu
3WB3xPStJM
^]UQSVWj]
Yu2Vj@hPB
@PujUS
tMj_Su
3_^[3PPPPPk@U
M_^3[_
_^]UVg
P3_YYu"
M_^3[,
P3hYYu
P3>YYu
M_^3[S
3ft9Wj
fu_^]UVu
VYYt;hB
VYYu!j
u^]%`B
r3@]3]UQVWScu
3,;ut$}
YY;t3@_^U
SHPhPB
EP EPT
Pu82=haB
3M_^3[U
^U8S3E
+tHHt*Ht#
ZU+t6+t)+t +t
VEPuuu
VPuMQu
tSSS7+C#
QSS73B
uJSSR7A#
"QSS7cA
SSS7RA#
SSSSSQ0UQ=?C
tSVjA[jZ^+
SV3W9u
jAZjZ^+
ItDft?f;t8EP
Map_^[UW=7C
#3+#I#[
S<@PSV
3[_^]U(`
MEP3SSSSVEPEPh
MapM_^3[
MlEP3SSSSVEPEP
MapM_^3[BUQQE
_^[U0`
^3[3PPPPPP*WVU33D$
YY3^]j
MapUQfE
W|Ht+Ht$Ht
Ht HHt
PQW|PEPV
6&YM_3^t][
Map_^[3U}
3_[]3PPPPP/%Uj
$3Z}39w
Map_^U}
j"^;w3
0}# 3f
;r3_[^]
3]USVu
IA+3@j
H@+3@j]_E
3AMJDx.t'D
3AMJDy
<+3M9]t
UCTE;|
IAj X+E
OGD+3Gj
3AJDx(t!D
IAMj ]]Y+
UTMEE@E;|
IAj X+M
IAj ]X+
Iy}j X+
7M_^3[&UD`
IA+3@j
H@+3@j]_E
3AMJDx.t'D
3AMJDy
<+3M9]t
UCTE;|
IAj X+E
OGD+3Gj
3AJDx(t!D
IAMj ]]Y+
UTMEE@E;|
IAj X+M
IAj ]X+
Iy}j X+
7M_^3[
E3S3@VEW}]]]]]]9E$u
+t HHt
X]3@EB<
+t+-t&0tC
3@E0|*Eu9
A0}uEE$
kE3@EEEu
HA0tEE0|%u9
A0}uE+
+t"HHt
v09] t"AE
A0}IEU
HAO8 tMMQPEP1
Uf~;x2E
M_^3[k
A#W]EEE?UEft
;u%u!h,B
`3fu}ME
EN]]]]}f;
^EUuu~ou
B]48;ur
Ef~;x2E
}}EBUt
M]Euuj
u@Eu4E]u fE
f;s fE
}fEEEuMUf}!3f9E
]]]]}f;
UMX~X}E
[f~[fM
fMU<f@fE
f;s fE
}fEEEuUuf}
u]Ou}j
]Uu[y7
EAHUM]E~
EE>u}A
0I;s;s
3@M_^3[
3SSSSS
YEm}E3
]UWVSM
jxYf;t
jXYf;t
jxYf;t
jXYf;u
YuHjAXf;w
f;rQvf;
f;rQvf;
f;rQvf;
Qvf;rgJ
Pf;rSPf;
M$M,T$
<3Z~J3P~tB
3}J3}B
83}J3v}B
l35}$B
J3a|8B
J3a{|B
MMM(T$
MZMZMZT$
MhM`T$
J3~ypB
YQFhWB
tYh@XB
9qhJXB
3YVWp0C
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
bad allocation
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefghijklmnopqrstuvwxyz
0123456789abcdefABCDEF
K.$<5IkQ
s1q4L|WJ
w}v<5IkQ
Z w<5IkQ
K.$fKg
Kp>Wm7.
Z QZNm7.
Unknown exception
bad exception
!"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
CorExitProcess
(null)
`h````
xpxxxx
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
UTF-16LE
UNICODE
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
_hypot
_nextafter
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`h`hhh
xppwpp
CreateFile2
1#SNAN
1#QNAN
bad locale name
generic
unknown error
iostream
iostream stream error
system
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
invalid vector<T> subscript
string too long
invalid string position
vector<T> too long
bad cast
write attept. Data to write [
DB key
requested. Data returned [
Error opening file for reading
Error opening file for writing
BBBBBBBBB@BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB>BBB?456789:;<=BBBABBB
!"#$%&'()*+,-./0123BBBBBB
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBfalse
Deleting file "
Cleared directory "
" link
Searching for: "
other:
Taskmgr.exe
procexp.exe
\m_system
\options
No link to miner provided. Stopping mine if started
Miner starting with parameters "[
last_miner_link
Found last downloaded miner link. Comparing...
Need to redownload miner. Downloading to "
Don't need to redownload miner
Never downloaded miner. Downloading to "
Unpacking archive...
pre_exe
main_exe
parameters
miner_exe_name
Miner stopped
SamaelLovesMe
Exiting me...
pgH0BwW=
\ctfmon.exe
valid_
samael_
n3tgh0st_
alter_sources
update_info
miners_info
backup_url
\registry_tool.exe
last_regwrite_link
tools/RegWriter.exe.raum_encrypted
) from
Trying to download registry tool(
666_SamaelLovesMe_666
Registry tool downloaded!
Registry tool download FAILED!
-autorun
/signin.php?id=
qwertyuiopasdfghjklzxcvbnm01234567890
machine_id_new
&64bit=
&video_card=
radeon
nvidia
http://
67803182,70856039
FirewallGUI.exe
SystemDrive
version
framework_exe
Verifying source
This was good source
reserved.raum_update
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Mozilla/5.0 (compatible; Konqueror/4.3; Linux) KHTML/4.3.5 (like Gecko)
Mozilla/4.8 [en] (Windows NT 5.0; U)
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20060127 Netscape/8.1
HTTP/1.0
Host:
Cache-Control: max-age=0, no-store
User-agent:
on step
GetHTTPFile failed with code
Passed args[
/method/groups.getById.xml?fields=status&group_ids=
status
/method/groups.getById.xml?fields=description&group_ids=
description
/method/wall.get.xml?count=1&owner_id=-
/method/groups.getById.xml?fields=site&group_ids=
api.vk.com
/method/wall.get.xml
Can't connect to VK
error_code
Strange VK response[
banned
VK didn't answer. Retrying...
Downloaded. Decrypting with key
Content-Length
bytes]...
Downloading file [
heur_check
Error opening file for writing
bytes, handle:
Writing data to file
SELECT * FROM Win32_VideoController
video_info
BMraB3G
RSDSOH
D:\AnvirLab\Mining_framework.pdb
FindFirstFileA
FindNextFileA
LeaveCriticalSection
CreateDirectoryA
EnterCriticalSection
DeleteFileA
WaitForSingleObject
TerminateProcess
GetLastError
SetLastError
ExitProcess
GetTickCount
InitializeCriticalSectionAndSpinCount
SetFileAttributesA
GetModuleFileNameA
CreateMutexA
DeleteCriticalSection
CloseHandle
CreateFileA
WriteFile
InterlockedDecrement
GetCurrentProcess
Process32First
OpenProcess
WideCharToMultiByte
CreateProcessA
Process32Next
IsWow64Process
CreateToolhelp32Snapshot
KERNEL32.dll
GetCursorPos
USER32.dll
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity
CoInitializeEx
ole32.dll
OLEAUT32.dll
WS2_32.dll
InterlockedIncrement
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
lstrlenA
LocalFree
HeapFree
CreateThread
ExitThread
ResumeThread
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetProcessHeap
GetModuleHandleExW
AreFileApisANSI
ReadFile
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
GetModuleFileNameW
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetACP
SetFilePointer
IsValidCodePage
GetOEMCP
HeapReAlloc
LoadLibraryExW
ReadConsoleW
SetStdHandle
WriteConsoleW
OutputDebugStringW
LoadLibraryW
SetEnvironmentVariableA
CreateFileW
SetEndOfFile
.?AV_Locimp@locale@std@@
.?AVbad_alloc@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
Copyright (c) 1992-2004 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AV_com_error@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
I x@oGAkU'9p|B
~QCv)/&D(
uuvHMXB
9;5SM]=];Z] T7aZ%]g']
?Zd;On
7?3=Bz
;1az?aUY~S|
D?$?9'
*?}d|FU>c{
zc%C1<!8G
u7.:3q
#2IZ9W
,%I-64OSk%Y
.?AVsystem_error@std@@
.?AV?$codecvt@DDH@std@@
.?AVbad_cast@std@@
.?AVexception@std@@
.?AVcodecvt_base@std@@
.?AV?$basic_istream@DU?$char_traits@D@std@@@std@@
.?AVios_base@std@@
.?AV_Iostream_error_category@std@@
.?AVfailure@ios_base@std@@
.?AVruntime_error@std@@
.?AV?$ctype@D@std@@
.?AV_System_error_category@std@@
.?AV?$basic_filebuf@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ios@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ifstream@DU?$char_traits@D@std@@@std@@
.?AV?$_Iosb@H@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
.?AV_Facet_base@std@@
.?AUctype_base@std@@
.?AV?$basic_ofstream@DU?$char_traits@D@std@@@std@@
.?AV?$basic_ostream@DU?$char_traits@D@std@@@std@@
.?AVfacet@locale@std@@
.?AV?$basic_streambuf@DU?$char_traits@D@std@@@std@@
.?AV?$numpunct@D@std@@
.?AV?$num_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@
X:\.Trash-100
Ahr0CdOVl3mXmdm5mtK2lti5nZC3lNbHlMLUzM9IB3GUCNuV
Hey, bro! How do you like your work?
':0036
ActivateDesktop.exe
ndyUmtyXlJaUodC=
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
F0V000011"2f2x222;4k44A5m555!6M66666
7777$828A8K8Z8d8B9T9r99
::#;A;m;;;;;>d??
0011/2S222n33
4>4v4444:5f5x5:6667777v8889999[:b:8=@=h=p=====
>>>4???
)080F0)383F35667788888~99
;<;;;;4<X<k<<<==@>V>f>>>>>
11111V4e4m627<777%868D88#;-;7;V;h;
='=.=4=9=G=====
>+>1>G>N>T>Y>g>>>>
?(?h???
0"0(0-020E0Z0f0000(1.1I1{1111
2&222Q24393C3I3T3^3j3p3333
4(4B6677778888v999(:L:o:::
;6;j;;;;;
<><C<Z<n<<<<<< ='=6===b=r=w====M>]>d>k>r>>>>>>>>>>>>>
?,?3?9?@?I?i???
111h1111
2'2^2l2222222
3'3A3Y3r3
4M4R4c444
5 5=5X5]55366
777U7z7777#8=8888(9I999<:A:Z:a:z:::::::);:;@;`;;;;;;;
<*<I<O<T<Y<v<<=
1z11122222=4444%5j66Y7h7v777i<x<<
k22333
4;4A4W4^4d4i4w4444&585[5a5w5~555555
6F6X6666
7H7}777
9)9:9S99999
:L:|::
;;;^;;;;6<P<j<<<<<<
=8=<=@=D=Z==
>/>Q>>>
?3?K?\?u????
0$0)030?0s00000)1B11Z2k2222222)343v3|3333
40474G4N4f444435:5A5a555
646P6e66
7"7(7@7~777777
8 8'8,8:8@8N8\8j88888888888
9"9Q9V9k9z999999
:&:G:t:::::
< <1<Q<j<o<<<<%=]=w=======
> >%>)>/>w>}>>>>>>>>>>>>>>>>>>>
?"?&?,?6?@?J?T?^?h?r?{?????
0000@11:2b2x2}222222
3W3~33333
4'4;4X4o444444
5+5<555555
6.66666666
747J7V777777
8!8(8A8H8a8888888P9T9X9\9j999999999
:::K:l:::
;/;f;;;;;;;;
<4<;<f<x<~==
0%0R0f000
1<1L1R1a1111
22j3z333/4F4
5*5c55566
7)7F7788
9H9f999
:;:_:::;
=F=d=======
>t>>>>s????
0:00000
1=1f1v1 2(2
222222(3:3J3i33
4(4E4Z4f4k444 5n5v5|55555
6!6a6g666
717>7T777777
8 8'818A8m888888
<,<2<E<K<<<<<<
=)=N=\=v={=====e>>>>
?X?q??????
0f0m000
1+1E1c1111^2222u444444444
555<5@5D5H5L5P5T5X555555
6%6@6G6L6P6T6u66666666666>7D7H7L7P78888
9#9/9?9N9U9f9t9
999999
:/:\:~:::E;
<=A>g>r>>>%?????
,01060M0000
1 1+1011F22245627<7G7}79999z:7<G<V<y<<<<
=$=P=F>M>`>>>>>>>>>>>>>>>>>
? ?)?3?C?S?c?l????????????????
0$0.0A0F0V0^0o000111
2&2,2>2H2Q22222L3333u555555555
656<6@6D6H6L6P6T6X666666
7%7@7G7L7P7T7u77777777777>8D8H8L8P8Z:::
?4?K?Z??
1/1z111111111
2+2^2m2t2222222233335799
111111
203;3[3f333
41494Y4a4z4a567777
8v889u:~:::::
;!;Z;c;q;;;*<^<r<<
=-=F=$>)>/>3>9>=>C>G>M>Q>V>\>`>f>j>p>t>z>~>>>>>>>>>>>>>
?&?,?G?W?`?h???????????????????
0!0&0,04090?0G0L0R0Z0_0e0m0r0x0000000000000000000000
1#1+10161>1C1I1Q1V1\1d1i1o1w1|11111111111111111
;;;;;;;;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<g<
>>E?}?????
500000000000
1%1+1=1P1V1q1{1112222
494{445
6 6l7s77
9=9p999999):b:t::::
;#;,;K;V;`;r;|;;;%<2<><H<i<p<<<<<
=1=>=j=t======
>!>4>?>D>V>a>f>}>>>>D?[?h?t?????????
0 0$0C000L11"2X2z2253f3344(5E5d5
6(6@6Y666666?7r777,88
9I9X9v99:::
</<<<==>&?/?W???
2!212p2222222222
3*343b3u333H45555:6i6
7S7]7y77778
9B:::;;8<{<<<
>5>?>w>
?E?`?x??????
K0V0w0000000(181c1t111111t333354u445~88
:(:?:j:;
<#<-<3<9<?<<<6>E>~>>>>>>>
?8?@?E?i????????
0 0%0D0x0000000
2 232?22
334/555l67_8s8888888l9r99999
:(:Z::0;y;;;<=G?z?
#0h0t0a1o111*3
4A4g44J5n66B7{777:8^88
:%::::
; ;J;Q;X;_;z;;;;;;
<D<_<==
>$>.><>E>O>p>>>
?$?>?F?Q?h??????????
"0\000?1r111 3]333~444445556666666
7V7[7d7i7r7w7777
88<:W:m:::=>>>
5H567::::<
==,>>??
0%0600000
2H2b22\3p3B4W444444
575D5N5u555D6N6X6l66617K7[77777
88K9W9a9}9999):T::::
;8;{;;;;;%<X<^<f<<<<
=3=:======
>#>]>i>
1/151A1O1U1d1k1{111111111111111
2!2,2o2222~33j444'5?5o589:
;);/;N;T;< ?#?'?+?/?3?7?;?
1z11111111
2.2@2R22^555
6%676I6[6677E8O8W8_8g8E<P<^<
9999 :0:D:S:::::
;M;;<<<>`??
02222j3u3`44
55@666(717777/8|8,99":
;5;_;v;;;
<y<<<< =s===/>4>:>A>>
D0X1f111111
24 5R5{5555
679*:|;K>c>>U???????
4"4444/5555
606b667
89=:I:::::;;;I<k=s=
G0M0[0j00
1B11 5258888888888888
9999):^:
?-?]?????
*0Z0000"1W111
2:2z222@333
6:6r66666666666
7,707:7H7R7\7h7t7~777777777777777
8!8'8+878A8K8U8_8i8s8}888
11111111
2 2$2(2,202<2@2D22222222222222
3$3,343<3D3L3T3\3d3l3t3|33333333333333333
4$4,444<4D4L4T4\4d4l4t4|4444444444444444
5$5,545<5D5L5T5\5d5l5t5|55555555555555555
6$6,646<6D6L6T6\6d6l6t6|66666666666666666
7$7,747<7D7L7T7\7????
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|000000000000000000000000
111111111111111111111111111111111
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|22222222222222222222222222222`4D6H6L6d6h6l6p6t6x6|66666>
T1\1d1l1t1|11111111111111111
2$2,242<2D2L2T2\2d2l2t2|22222222222222222
3$3,343<3D3L3T3\3d3l3t3|33333333333333333
4$4,444<4D4L4T4\4d4l4t4|44444444444444444
5$5,545<5D5L5T5\5d5l5t5|55555555555555555
6$6,646<6D6L6T6\6d6l6t6|66666666666666666
7$7,747<7D7L7T7\7d7l7t7|77777777777777777
8$8,848<8D8L8T8\8d8l8p8x88888888888888888
9 9(90989@9H9P9X9`9h9p9x99999999999999999
: :(:0:8:@:H:P:X:`:h:p:x:::::::::::::::::
; ;(;0;8;@;H;P;X;`;h;p;x;;;;;;;;;;;;;;;;;
< <(<0<8<@<H<P<X<`<h<p<x<<<<<<<<<<<<<<<<<
= =(=0=8=@=H=P=X=`=h=p=x=================
> >(>0>8>@>H>P>X>`>h>p>x>>>>>>>>>>>>>>>>>
? ?(?0?8?@?H?P?X?`?h?p?x???
::::::::::
;$;,;4;<;D;L;T;\;d;
1 1$1(1,1014181<1@1D1H1L1P1T12222444444444444
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|555555555555555555555555555555555
6 6$6(6,6064686<6@6D6H6L6P6T6P<\<h<t<<<<<<<<<<<<
=(=4=@=L=X=d=p=|===========
>$>0><>H>T>`>l>x>>>>>>>>>>>>
? ?,?8?D?P?
7$707<7H7T7`7l7x777777777777
8D;H;L;P;l;p;t;x;|;;;;
,7077777777777777
8,808@8D8H8P8h8x8|88888888888888
9,909@9D9H9P9h9x9|999999999999
: :$:(:,:@:P:`:d:t:x::::::::::
; ;(;,;4;L;P;T;X;l;|;;;;;;;;;;;
< <(<@<D<X<\<l<p<<<<<<<<<<<<<
= =8=<=T=d=h=l============
>$>4>8>P>`>p>t>x>>>>>>>>>>>>
?(?,?0?H?L?d?h?????????????????
0 0$0(0,040L0\0`0x00000000000000000
1$1<1@1D1H1\1`1d1h1l11111112222222
3$3,343<3@3D3L3`3h3p3x3|33333333333
4(4H4h444444
505P5l5p555555
686@6D6\6`6|66666666
707P7p77777
808P8p888888
9 9<9@9`9l9x99999
:4:8:T:X:x::::::::
;$;8;@;D;L;`;h;|;;;;;;;;;;;;;
< <,<4<x<<<<<<<< =0=<=\=h======
>(>H>X>`>h>t>>>>>>>
?8?@?L?l?t????????
040<0`0p0|0000000
10181@1H1P1X1`1l1t1111111
2 2,2L2T2`2h222222222
3$3,343@3`3h3p3x333333333
4(4H4T4t4444444444
5(50585\5l5x55555555
646<6H6h6
0$0@0`00h2l222
50585<5@5D5H5L5P5T5X5\5h5l5p5t5x5|55566688888888
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9p9t9x9|9999999999999999999999999999999
: :$:(:,:0:4:8:<:@:D:H:L:t::::::::::
t0|00000000000000000
1$1,141<1D1L1T1t1x1|11111111H2L266
7(7D7d7777
8,8H8t888$9@9d9999
:H:h:::???
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
j�j�j�j�j�j�
� � � � � � � � �(�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � �h�(�(�(�(� � � � � � � � � � � � � � � � � � �H�
� � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � � �H�
A�k�e�r�n�e�l�3�2�.�d�l�l�
z�h�-�C�H�S�
a�z�-�A�Z�-�L�a�t�n�
u�z�-�U�Z�-�L�a�t�n�
k�o�k�-�I�N�
s�y�r�-�S�Y�
d�i�v�-�M�V�
q�u�z�-�B�O�
s�r�-�S�P�-�L�a�t�n�
a�z�-�A�Z�-�C�y�r�l�
u�z�-�U�Z�-�C�y�r�l�
q�u�z�-�E�C�
s�r�-�S�P�-�C�y�r�l�
q�u�z�-�P�E�
s�m�j�-�N�O�
b�s�-�B�A�-�L�a�t�n�
s�m�j�-�S�E�
s�r�-�B�A�-�L�a�t�n�
s�m�a�-�N�O�
s�r�-�B�A�-�C�y�r�l�
s�m�a�-�S�E�
s�m�s�-�F�I�
s�m�n�-�F�I�
z�h�-�C�H�T�
a�z�-�a�z�-�c�y�r�l�
a�z�-�a�z�-�l�a�t�n�
b�s�-�b�a�-�l�a�t�n�
d�i�v�-�m�v�
k�o�k�-�i�n�
q�u�z�-�b�o�
q�u�z�-�e�c�
q�u�z�-�p�e�
s�m�a�-�n�o�
s�m�a�-�s�e�
s�m�j�-�n�o�
s�m�j�-�s�e�
s�m�n�-�f�i�
s�m�s�-�f�i�
s�r�-�b�a�-�c�y�r�l�
s�r�-�b�a�-�l�a�t�n�
s�r�-�s�p�-�c�y�r�l�
s�r�-�s�p�-�l�a�t�n�
s�y�r�-�s�y�
u�z�-�u�z�-�c�y�r�l�
u�z�-�u�z�-�l�a�t�n�
z�h�-�c�h�s�
z�h�-�c�h�t�
m�s�c�o�r�e�e�.�d�l�l�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �a�r�g�u�m�e�n�t�s�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �e�n�v�i�r�o�n�m�e�n�t�
-� �a�b�o�r�t�(�)� �h�a�s� �b�e�e�n� �c�a�l�l�e�d�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �t�h�r�e�a�d� �d�a�t�a�
-� �u�n�e�x�p�e�c�t�e�d� �m�u�l�t�i�t�h�r�e�a�d� �l�o�c�k� �e�r�r�o�r�
-� �u�n�e�x�p�e�c�t�e�d� �h�e�a�p� �e�r�r�o�r�
-� �u�n�a�b�l�e� �t�o� �o�p�e�n� �c�o�n�s�o�l�e� �d�e�v�i�c�e�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �_�o�n�e�x�i�t�/�a�t�e�x�i�t� �t�a�b�l�e�
-� �p�u�r�e� �v�i�r�t�u�a�l� �f�u�n�c�t�i�o�n� �c�a�l�l�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �s�t�d�i�o� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �l�o�w�i�o� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
-� �u�n�a�b�l�e� �t�o� �i�n�i�t�i�a�l�i�z�e� �h�e�a�p�
-� �C�R�T� �n�o�t� �i�n�i�t�i�a�l�i�z�e�d�
-� �A�t�t�e�m�p�t� �t�o� �i�n�i�t�i�a�l�i�z�e� �t�h�e� �C�R�T� �m�o�r�e� �t�h�a�n� �o�n�c�e�.�
T�h�i�s� �i�n�d�i�c�a�t�e�s� �a� �b�u�g� �i�n� �y�o�u�r� �a�p�p�l�i�c�a�t�i�o�n�.�
-� �n�o�t� �e�n�o�u�g�h� �s�p�a�c�e� �f�o�r� �l�o�c�a�l�e� �i�n�f�o�r�m�a�t�i�o�n�
-� �A�t�t�e�m�p�t� �t�o� �u�s�e� �M�S�I�L� �c�o�d�e� �f�r�o�m� �t�h�i�s� �a�s�s�e�m�b�l�y� �d�u�r�i�n�g� �n�a�t�i�v�e� �c�o�d�e� �i�n�i�t�i�a�l�i�z�a�t�i�o�n�
T�h�i�s� �i�n�d�i�c�a�t�e�s� �a� �b�u�g� �i�n� �y�o�u�r� �a�p�p�l�i�c�a�t�i�o�n�.� �I�t� �i�s� �m�o�s�t� �l�i�k�e�l�y� �t�h�e� �r�e�s�u�l�t� �o�f� �c�a�l�l�i�n�g� �a�n� �M�S�I�L�-�c�o�m�p�i�l�e�d� �(�/�c�l�r�)� �f�u�n�c�t�i�o�n� �f�r�o�m� �a� �n�a�t�i�v�e� �c�o�n�s�t�r�u�c�t�o�r� �o�r� �f�r�o�m� �D�l�l�M�a�i�n�.�
-� �i�n�c�o�n�s�i�s�t�e�n�t� �o�n�e�x�i�t� �b�e�g�i�n�-�e�n�d� �v�a�r�i�a�b�l�e�s�
D�O�M�A�I�N� �e�r�r�o�r�
S�I�N�G� �e�r�r�o�r�
T�L�O�S�S� �e�r�r�o�r�
r�u�n�t�i�m�e� �e�r�r�o�r� �
B�R�6�0�0�2�
-� �f�l�o�a�t�i�n�g� �p�o�i�n�t� �s�u�p�p�o�r�t� �n�o�t� �l�o�a�d�e�d�
R�u�n�t�i�m�e� �E�r�r�o�r�!�
P�r�o�g�r�a�m�:� �
<�p�r�o�g�r�a�m� �n�a�m�e� �u�n�k�n�o�w�n�>�
M�i�c�r�o�s�o�f�t� �V�i�s�u�a�l� �C�+�+� �R�u�n�t�i�m�e� �L�i�b�r�a�r�y�
(�n�u�l�l�)�
S�u�n�d�a�y�
M�o�n�d�a�y�
T�u�e�s�d�a�y�
W�e�d�n�e�s�d�a�y�
T�h�u�r�s�d�a�y�
F�r�i�d�a�y�
S�a�t�u�r�d�a�y�
J�a�n�u�a�r�y�
F�e�b�r�u�a�r�y�
A�u�g�u�s�t�
S�e�p�t�e�m�b�e�r�
O�c�t�o�b�e�r�
N�o�v�e�m�b�e�r�
D�e�c�e�m�b�e�r�
M�M�/�d�d�/�y�y�
d�d�d�d�,� �M�M�M�M� �d�d�,� �y�y�y�y�
H�H�:�m�m�:�s�s�
C�A�L�C�_�A�L�L�
L�C�_�C�O�L�L�A�T�E�
L�C�_�C�T�Y�P�E�
L�C�_�M�O�N�E�T�A�R�Y�
L�C�_�N�U�M�E�R�I�C�
L�C�_�T�I�M�E�
U�T�F�-�1�6�L�E�
U�N�I�C�O�D�E�
U�S�E�R�3�2�.�D�L�L�
B�B�B�B�B�B�B�
B�B�B�B�B�B�B�
B�B�B�B�B�B�
a�m�e�r�i�c�a�n�
a�m�e�r�i�c�a�n� �e�n�g�l�i�s�h�
a�m�e�r�i�c�a�n�-�e�n�g�l�i�s�h�
a�u�s�t�r�a�l�i�a�n�
b�e�l�g�i�a�n�
c�a�n�a�d�i�a�n�
c�h�i�n�e�s�e�
c�h�i�n�e�s�e�-�h�o�n�g�k�o�n�g�
c�h�i�n�e�s�e�-�s�i�m�p�l�i�f�i�e�d�
c�h�i�n�e�s�e�-�s�i�n�g�a�p�o�r�e�
c�h�i�n�e�s�e�-�t�r�a�d�i�t�i�o�n�a�l�
d�u�t�c�h�-�b�e�l�g�i�a�n�
e�n�g�l�i�s�h�-�a�m�e�r�i�c�a�n�
e�n�g�l�i�s�h�-�a�u�s�
e�n�g�l�i�s�h�-�b�e�l�i�z�e�
e�n�g�l�i�s�h�-�c�a�n�
e�n�g�l�i�s�h�-�c�a�r�i�b�b�e�a�n�
e�n�g�l�i�s�h�-�i�r�e�
e�n�g�l�i�s�h�-�j�a�m�a�i�c�a�
e�n�g�l�i�s�h�-�n�z�
e�n�g�l�i�s�h�-�s�o�u�t�h� �a�f�r�i�c�a�
e�n�g�l�i�s�h�-�t�r�i�n�i�d�a�d� �y� �t�o�b�a�g�o�
e�n�g�l�i�s�h�-�u�k�
e�n�g�l�i�s�h�-�u�s�
e�n�g�l�i�s�h�-�u�s�a�
f�r�e�n�c�h�-�b�e�l�g�i�a�n�
f�r�e�n�c�h�-�c�a�n�a�d�i�a�n�
f�r�e�n�c�h�-�l�u�x�e�m�b�o�u�r�g�
f�r�e�n�c�h�-�s�w�i�s�s�
g�e�r�m�a�n�-�a�u�s�t�r�i�a�n�
g�e�r�m�a�n�-�l�i�c�h�t�e�n�s�t�e�i�n�
g�e�r�m�a�n�-�l�u�x�e�m�b�o�u�r�g�
g�e�r�m�a�n�-�s�w�i�s�s�
i�r�i�s�h�-�e�n�g�l�i�s�h�
i�t�a�l�i�a�n�-�s�w�i�s�s�
n�o�r�w�e�g�i�a�n�
n�o�r�w�e�g�i�a�n�-�b�o�k�m�a�l�
n�o�r�w�e�g�i�a�n�-�n�y�n�o�r�s�k�
p�o�r�t�u�g�u�e�s�e�-�b�r�a�z�i�l�i�a�n�
s�p�a�n�i�s�h�-�a�r�g�e�n�t�i�n�a�
s�p�a�n�i�s�h�-�b�o�l�i�v�i�a�
s�p�a�n�i�s�h�-�c�h�i�l�e�
s�p�a�n�i�s�h�-�c�o�l�o�m�b�i�a�
s�p�a�n�i�s�h�-�c�o�s�t�a� �r�i�c�a�
s�p�a�n�i�s�h�-�d�o�m�i�n�i�c�a�n� �r�e�p�u�b�l�i�c�
s�p�a�n�i�s�h�-�e�c�u�a�d�o�r�
s�p�a�n�i�s�h�-�e�l� �s�a�l�v�a�d�o�r�
s�p�a�n�i�s�h�-�g�u�a�t�e�m�a�l�a�
s�p�a�n�i�s�h�-�h�o�n�d�u�r�a�s�
s�p�a�n�i�s�h�-�m�e�x�i�c�a�n�
s�p�a�n�i�s�h�-�m�o�d�e�r�n�
s�p�a�n�i�s�h�-�n�i�c�a�r�a�g�u�a�
s�p�a�n�i�s�h�-�p�a�n�a�m�a�
s�p�a�n�i�s�h�-�p�a�r�a�g�u�a�y�
s�p�a�n�i�s�h�-�p�e�r�u�
s�p�a�n�i�s�h�-�p�u�e�r�t�o� �r�i�c�o�
s�p�a�n�i�s�h�-�u�r�u�g�u�a�y�
s�p�a�n�i�s�h�-�v�e�n�e�z�u�e�l�a�
s�w�e�d�i�s�h�-�f�i�n�l�a�n�d�
a�m�e�r�i�c�a�
b�r�i�t�a�i�n�
e�n�g�l�a�n�d�
g�r�e�a�t� �b�r�i�t�a�i�n�
h�o�l�l�a�n�d�
h�o�n�g�-�k�o�n�g�
n�e�w�-�z�e�a�l�a�n�d�
p�r� �c�h�i�n�a�
p�r�-�c�h�i�n�a�
p�u�e�r�t�o�-�r�i�c�o�
s�l�o�v�a�k�
s�o�u�t�h� �a�f�r�i�c�a�
s�o�u�t�h� �k�o�r�e�a�
s�o�u�t�h�-�a�f�r�i�c�a�
s�o�u�t�h�-�k�o�r�e�a�
t�r�i�n�i�d�a�d� �&� �t�o�b�a�g�o�
u�n�i�t�e�d�-�k�i�n�g�d�o�m�
u�n�i�t�e�d�-�s�t�a�t�e�s�
2�C�O�N�O�U�T�$�
R�O�O�T�\�C�I�M�V�2�
L�D�e�s�c�r�i�p�t�i�o�n�
B�B�B�B�B�B�B�B�
Process Tree
-
0b92b81d8c4c766c4afac0549cedfca351280dba68093177f2d6508443249182.exe (1932)
"C:\Users\Administrator\AppData\Local\Temp\0b92b81d8c4c766c4afac0549cedfca351280dba68093177f2d6508443249182.exe"
- ActivateDesktop.exe (2996) C:\.Trash-100\ActivateDesktop.exe
Hosts
| IP |
|---|
| 114.114.114.114 |
| 87.240.139.193 |
DNS
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| s1039196-29777.pa.infobox.ru | ||
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| api.vk.com |
A 87.240.129.140
A 87.240.139.193 A 87.240.137.130 |
87.240.129.140 |
TCP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49165 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49167 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49168 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49169 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49170 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49171 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49172 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49175 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49176 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49177 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49178 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49179 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49180 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49181 | 87.240.139.193 api.vk.com | 80 |
| 192.168.56.101 | 49182 | 87.240.139.193 api.vk.com | 80 |
UDP
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 53179 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 49642 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 61714 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 56933 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58485 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57665 | 114.114.114.114 | 53 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
HTTP & HTTPS Requests
No HTTP requests performed.
ICMP traffic
No ICMP traffic performed.
IRC traffic
No IRC requests performed.
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Snort Alerts
No Snort Alerts
| Name | 727350de59be2e3c_version |
|---|---|
| Filepath | C:\.Trash-100\db\version |
| Size | 4.0B |
| Processes | 1932 (0b92b81d8c4c766c4afac0549cedfca351280dba68093177f2d6508443249182.exe) 2996 (ActivateDesktop.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | 8ae502a489e46e16512581742d93db9c |
| SHA1 | 1c236c76127575e539a03d4621aa35451321622c |
| SHA256 | 727350de59be2e3c8ba1ea001e81a8d86e3931813e915dbb384e405c142912e3 |
| CRC32 | CED53284 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 0c307939523d63f8_activatedesktop.exe |
|---|---|
| Filepath | C:\.Trash-100\ActivateDesktop.exe |
| Size | 233.5KB |
| Processes | 1932 (0b92b81d8c4c766c4afac0549cedfca351280dba68093177f2d6508443249182.exe) |
| Type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 382fe921bcc091a1f8b10b1acdbe1d58 |
| SHA1 | 1c2322570b895d74cc2d0138095adb3b25d035d0 |
| SHA256 | 0c307939523d63f807ab4a9a9b349b31cfa031f4f727ca3da776b0fa091524a6 |
| CRC32 | FB7D043D |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
| Name | 98dcba6d93cc19d1_framework_exe |
|---|---|
| Filepath | C:\.Trash-100\db\framework_exe |
| Size | 19.0B |
| Processes | 1932 (0b92b81d8c4c766c4afac0549cedfca351280dba68093177f2d6508443249182.exe) 2996 (ActivateDesktop.exe) |
| Type | ASCII text, with no line terminators |
| MD5 | 665009c6d258a06e710ff8c7810f4697 |
| SHA1 | abf7abc9bae75e5323a12b1d58336dfe0fd58e22 |
| SHA256 | 98dcba6d93cc19d148e629c278d99243009359eb08816c1e7eae125fce78b53a |
| CRC32 | 98894FF0 |
| ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for analysis |
Sorry! No dropped buffers.