Property | Value |
---|---|
File name: | track.exe |
Full analysis: | https://app.any.run/tasks/92cf6a7d-0ccd-43e8-aa8a-6d1a6c4fb412 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2018, 07:36:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 593EDF2034F05BBAA5B6EE1A2BD4C0BC |
SHA1: | 8C9C5B3A220286A02A8253DF7369BB376AE9A134 |
SHA256: | 7C771E4E478677F6B57E68FB261D369E38ABC5D0C65506A6330AB66EEA08C355 |
SSDEEP: | 6144:Axz3hsjqGH6PtB1Lti1RRbBwSY2lc7kicx4NxHS5lNOh:uSjpHmtHLORRbBwvQipHSch |
Extension | File type match (score) |
---|---|
.exe | Win32 Executable MS Visual C++ (generic) (42.2) |
.exe | Win64 Executable (generic) (37.3) |
.dll | Win32 Dynamic Link Library (generic) (8.8) |
.exe | Win32 Executable (generic) (6) |
.exe | Generic Win/DOS Executable (2.7) |
Field | Value |
---|---|
ProductVersion: | 3.5.9.2 |
ProductName: | Achievable |
OriginalFileName: | Achievable.exe |
Comments: | Nuts Snot Synchronized |
CompanyName: | COMPELSON Labs |
LegalTrademarks: | Copyright © 2016 All rights reserved. COMPELSON Labs |
FileVersion: | 3.5.9.2 |
LegalCopyright: | Copyright © 2016 All rights reserved. COMPELSON Labs |
FileDescription: | Nuts Snot Synchronized |
PrivateBuild: | 3.5.9.2 |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 3.5.9.2 |
FileVersionNumber: | 3.5.9.2 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5.1 |
ImageVersion: | - |
OSVersion: | 5.1 |
EntryPoint: | 0x11741 |
UninitializedDataSize: | - |
InitializedDataSize: | 260096 |
CodeSize: | 117248 |
LinkerVersion: | 10 |
PEType: | PE32 |
TimeStamp: | 2018:01:15 20:07:29+01:00 |
MachineType: | Intel 386 or later, and compatibles |
Field | Value |
---|---|
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 15-Jan-2018 19:07:29 |
Detected languages: | |
Field | Value |
---|---|
Magic number: | MZ |
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x000000F8 |
Field | Value |
---|---|
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 7 |
Time date stamp: | 15-Jan-2018 19:07:29 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0001C709 | 0x0001C800 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.55986 |
.text1 | 0x0001E000 | 0x00000060 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 1.19814 |
.rdata | 0x0001F000 | 0x0000A748 | 0x0000A800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.06059 |
.data | 0x0002A000 | 0x00004064 | 0x00001C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.09405 |
.trace | 0x0002F000 | 0x000007E0 | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.6781 |
_RDATA | 0x00030000 | 0x00000540 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.57501 |
.rsrc | 0x00031000 | 0x00032568 | 0x00032600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.73346 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.15573 | 1041 | Latin 1 / Western European | English - United States | RT_MANIFEST |
2 | 4.08252 | 16936 | Latin 1 / Western European | English - United States | RT_ICON |
3 | 2.57879 | 1640 | Latin 1 / Western European | English - United States | RT_ICON |
4 | 4.50209 | 4264 | Latin 1 / Western European | English - United States | RT_ICON |
5 | 4.94597 | 1128 | Latin 1 / Western European | English - United States | RT_ICON |
101 | 2.86191 | 76 | Latin 1 / Western European | English - United States | RT_GROUP_ICON |
226 | 6.70504 | 68304 | Latin 1 / Western European | English - United States | RCDATA |
880 | 4.2186 | 972 | Latin 1 / Western European | English - United States | RT_STRING |
2048 | 1.47851 | 296 | Latin 1 / Western European | English - United States | RT_BITMAP |
3065 | 4.52668 | 2812 | Latin 1 / Western European | English - United States | RT_STRING |
Imported DLL |
---|
ADVAPI32.dll |
CRYPT32.dll |
DCIMAN32.dll |
GDI32.dll |
GLU32.dll |
IMM32.dll |
KERNEL32.dll |
OLEAUT32.dll |
OPENGL32.dll |
RPCRT4.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2960 | "C:\Users\admin\Downloads\track.exe" | C:\Users\admin\Downloads\track.exe | | explorer.exe |
| User: admin; Company: COMPELSON Labs; Integrity Level: MEDIUM; Description: Nuts Snot Synchronized; Exit code: 0; Version: 3.5.9.2 | | | |
3200 | "C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\tasks.exe" | C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\tasks.exe | — | track.exe |
| User: admin; Company: COMPELSON Labs; Integrity Level: MEDIUM; Description: Nuts Snot Synchronized; Exit code: 0; Version: 3.5.9.2 | | | |
3316 | "C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\upd1d21f19b.bat" | C:\Windows\system32\cmd.exe | — | track.exe |
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 1; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | |
3288 | C:\Windows\system32\svchost.exe -k netsvcs | C:\Windows\system32\svchost.exe | | tasks.exe |
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Host Process for Windows Services; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
3760 | C:\Windows\system32\svchost.exe -k netsvcs | C:\Windows\system32\svchost.exe | — | tasks.exe |
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Host Process for Windows Services; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
(PID) Process: | (3288) svchost.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | tasks.exe |
Value: C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\tasks.exe | |||
(PID) Process: | (3288) svchost.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Keyboard |
Operation: | write | Name: | Sivixu |
Value: (long hex blob omitted) | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\Microsoft\Keyboard |
Operation: | write | Name: | Sivixu |
Value: (duplicate of the value above, omitted) | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\Microsoft\Keyboard |
Operation: | write | Name: | Sivixu |
Value: (duplicate of the value above, omitted) | |||
(PID) Process: | (3288) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
(PID) Process: | (3288) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | EnableConsoleTracing |
Value: 0 | |||
(PID) Process: | (3288) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | FileTracingMask |
Value: 4294901760 | |||
(PID) Process: | (3288) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | ConsoleTracingMask |
Value: 4294901760 | |||
(PID) Process: | (3288) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | MaxFileSize |
Value: 1048576 | |||
(PID) Process: | (3288) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | FileDirectory |
Value: %windir%\tracing | |||
PID | Process | Filename | Type | |
---|---|---|---|---|
2960 | track.exe | C:\Users\admin\AppData\Local\Temp\upd1d21f19b.bat | — | |
| MD5: — | SHA256: — | | |
2960 | track.exe | C:\Users\admin\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\tasks.exe | executable | |
| MD5: 593EDF2034F05BBAA5B6EE1A2BD4C0BC | SHA256: 7C771E4E478677F6B57E68FB261D369E38ABC5D0C65506A6330AB66EEA08C355 | | |
Domain | IP | Reputation |
---|---|---|
handerope.top | | suspicious |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |