Field | Value |
---|---|
File name | f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe |
Full analysis | https://app.any.run/tasks/25fff109-50d4-4fdb-8e3f-e1894a70d697 |
Verdict | Malicious activity |
Analysis date | November 08, 2018, 17:58:30 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/x-dosexec |
File info | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 99820592897D0FDE194B51086DB4F5FF |
SHA1 | 8D7CDDA5D3D0BCA2A5D7B3CE5BABE48D99E9F113 |
SHA256 | F1463E608272A17277311174668CC8A67BDFFC60267613E6E853C98542FF9E6B |
SSDEEP | 3072:YdRB9x3vpxWG56U4C9c6iPf3HylpJmmo8zx3vpSvOP:Yb/xfpV56Bwt3qexfp |
Extension | File type | Probability (%) |
---|---|---|
.dll | Win32 Dynamic Link Library (generic) | 38.3 |
.exe | Win32 Executable (generic) | 26.2 |
.exe | Win16/32 Executable Delphi generic | 12 |
.exe | Generic Win/DOS Executable | 11.6 |
.exe | DOS Executable Generic | 11.6 |
Field | Value |
---|---|
Subsystem | Windows GUI |
SubsystemVersion | 5.1 |
ImageVersion | - |
OSVersion | 5.1 |
EntryPoint | 0x1138 |
UninitializedDataSize | - |
InitializedDataSize | 12800 |
CodeSize | 151552 |
LinkerVersion | 7 |
PEType | PE32 |
TimeStamp | 2015:05:18 02:33:09+02:00 |
MachineType | Intel 386 or later, and compatibles |
Field | Value |
---|---|
Architecture | IMAGE_FILE_MACHINE_I386 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 18-May-2015 00:33:09 |
Detected languages | |
Field | Value |
---|---|
Magic number | MZ |
Bytes on last page of file | 0x0090 |
Pages in file | 0x0003 |
Relocations | 0x0000 |
Size of header | 0x0004 |
Min extra paragraphs | 0x0000 |
Max extra paragraphs | 0xFFFF |
Initial SS value | 0x0000 |
Initial SP value | 0x00B8 |
Checksum | 0x0000 |
Initial IP value | 0x0000 |
Initial CS value | 0x0000 |
Overlay number | 0x0000 |
OEM identifier | 0x0000 |
OEM information | 0x0000 |
Address of NE header | 0x00000080 |
Field | Value |
---|---|
Signature | PE |
Machine | IMAGE_FILE_MACHINE_I386 |
Number of sections | 4 |
Time date stamp | 18-May-2015 00:33:09 |
Pointer to Symbol Table | 0x00000000 |
Number of symbols | 0 |
Size of Optional Header | 0x00E0 |
Characteristics | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00024EE0 | 0x00025000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.87946 |
.jdata | 0x00026000 | 0x0000277C | 0x00002800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.61655 |
.zdata | 0x00029000 | 0x000002C0 | 0x00000400 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.148 |
.rcrs | 0x0002A000 | 0x0000059A | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.78319 |
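The section table is enough to call this sample packed before it is ever run: the executable section has entropy 7.88 (compiled x86 code normally sits around 6), three of the four section names are non-standard, and `.rcrs` looks like a mangled `.rsrc`. As an added example that is not part of the any.run report, the Python below computes Shannon entropy (the metric in the Entropy column) and applies the usual packing heuristics to the four sections transcribed from the table. The list of standard section names and the 7.0 bits/byte threshold are this example's own assumptions, not values the report states.

```python
"""Packing heuristics for the PE section table above.

Added example, not part of the any.run report. Section tuples are
transcribed from the table; STANDARD_SECTION_NAMES and HIGH_ENTROPY
are this example's assumptions.
"""
import math
import random
from collections import Counter

# Names emitted by the common Windows toolchains. Anything else is worth a
# look: packers invent names or mangle real ones (.rcrs below vs .rsrc).
STANDARD_SECTION_NAMES = {
    ".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
    ".bss", ".tls", ".pdata", ".xdata", ".CRT", ".textbss", ".gfids",
}
HIGH_ENTROPY = 7.0  # bits/byte; plain compiled x86 code is usually 5.5-6.8

# (name, VirtualSize, RawSize, characteristics, entropy) from the report.
REPORT_SECTIONS = [
    (".text",  0x24EE0, 0x25000, {"CNT_CODE", "MEM_EXECUTE", "MEM_READ"}, 7.87946),
    (".jdata", 0x0277C, 0x02800, {"CNT_INITIALIZED_DATA", "MEM_READ"}, 7.61655),
    (".zdata", 0x002C0, 0x00400, {"MEM_READ", "MEM_WRITE"}, 1.148),
    (".rcrs",  0x0059A, 0x00600, {"CNT_INITIALIZED_DATA", "CNT_UNINITIALIZED_DATA",
                                  "MEM_READ", "MEM_WRITE"}, 6.78319),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess_section(name, vsize, rsize, chars, entropy):
    """Reasons this section looks suspicious; an empty list means none."""
    reasons = []
    if name not in STANDARD_SECTION_NAMES:
        reasons.append("non-standard section name")
    if entropy >= HIGH_ENTROPY:
        reasons.append(f"high entropy {entropy:.2f}: compressed or encrypted bytes")
    if "MEM_EXECUTE" in chars and "MEM_WRITE" in chars:
        reasons.append("writable and executable: self-modifying / unpacking stub")
    if "MEM_EXECUTE" in chars and entropy >= HIGH_ENTROPY:
        reasons.append("executable section with no plaintext code until runtime")
    if vsize > rsize:
        reasons.append(f"VirtualSize exceeds RawSize by {vsize - rsize:#x}: room to unpack in place")
    return reasons


def assess_pe(sections):
    """Return ({section name: reasons}, overall 'probably packed' verdict)."""
    report = {s[0]: assess_section(*s) for s in sections}
    exec_high = any("MEM_EXECUTE" in s[3] and s[4] >= HIGH_ENTROPY for s in sections)
    nonstandard = any(s[0] not in STANDARD_SECTION_NAMES for s in sections)
    return report, exec_high and nonstandard


def entropy_sanity_check():
    """Constructed buffers (not taken from the sample) spanning the metric's range."""
    rng = random.Random(1)
    near_uniform = bytes(rng.getrandbits(8) for _ in range(65536))
    return (shannon_entropy(bytes(4096)),   # all zeros -> 0.0
            shannon_entropy(b"ab" * 2048),  # two equiprobable symbols -> 1.0
            shannon_entropy(near_uniform))  # -> just under 8.0


if __name__ == "__main__":
    print("entropy range check:", entropy_sanity_check())
    per_section, packed = assess_pe(REPORT_SECTIONS)
    for name, reasons in per_section.items():
        print(name, "->", "; ".join(reasons) or "nothing unusual")
    print("probably packed:", packed)
```

The verdict rests on two independent signals agreeing (an executable section whose bytes look random, plus names no compiler emits), which is what keeps the check from flagging merely large `.rsrc` sections full of compressed images.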
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 7.18899 | 1280 | UNKNOWN | English - United States | RT_DIALOG |
cfgmgr32.dll |
cmutil.dll |
kernel32.dll |
modemui.dll |
untfs.dll |
user32.dll |
wtsapi32.dll |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
2788 | "C:\Users\admin\AppData\Local\Temp\f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe" | C:\Users\admin\AppData\Local\Temp\f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe | | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
1260 | "C:\Users\admin\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\JavaDeployReg.exe" | C:\Users\admin\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\JavaDeployReg.exe | — | f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
1264 | "C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\updcca1f0fd.bat" | C:\Windows\system32\cmd.exe | — | f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 1; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
2976 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe | | JavaDeployReg.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Host Process for Windows Services; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2508 | C:\Windows\system32\svchost.exe | C:\Windows\system32\svchost.exe | — | JavaDeployReg.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Host Process for Windows Services; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
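Two svchost.exe instances (2976 and 2508) started by JavaDeployReg.exe, running as the interactive user at MEDIUM integrity and with no `-k` service-group argument, are the tell in this tree: on Windows 7 every legitimate svchost.exe is a child of services.exe, runs as a service account and is launched with `-k <group>`. Every registry and file write later in the report is attributed to PID 2976, which is consistent with the dropper injecting its payload into that process. As an added example that is not part of the any.run report, the Python below encodes those checks as rules over process-creation records. The records are constructed by hand from the table (the Sysmon-style field names, the `C:\Windows\explorer.exe` parent path and the benign svchost.exe control record are this example's assumptions); the parent-process rule is written for Windows 7 and should be re-validated on newer builds before it is deployed.

```python
"""Process-tree triage for the sandbox process table above.

Added example, not part of the any.run report. Records are constructed
from the table; field names follow Sysmon Event ID 1 loosely and the
benign svchost.exe entry (PID 804) is invented for contrast.
"""
import re
from dataclasses import dataclass

SERVICE_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\LOCAL SERVICE",
                    "NT AUTHORITY\\NETWORK SERVICE"}
USER_WRITABLE = re.compile(r"\\AppData\\(Local|Roaming)\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\", re.I)
TEMP_BAT_VIA_CMD = re.compile(r'/c\s+"?[^"]*\\Temp\\[^"]*\.bat', re.I)


@dataclass
class ProcEvent:
    pid: int
    image: str
    cmdline: str
    user: str
    parent_image: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return (pid, rule_id, detail) findings; an empty list means nothing odd."""
    findings = []
    for e in events:
        img, parent = _basename(e.image), _basename(e.parent_image)
        if img == "svchost.exe":
            # Windows 7: legitimate svchost.exe is always a child of services.exe,
            # runs as a service account and carries a -k <group> argument.
            if parent != "services.exe":
                findings.append((e.pid, "svchost-parent", f"parent is {parent}"))
            if e.user.upper() not in SERVICE_ACCOUNTS:
                findings.append((e.pid, "svchost-user", f"runs as {e.user}"))
            if "-k" not in e.cmdline.lower().split():
                findings.append((e.pid, "svchost-no-k", "no -k service group: injected or hollowed host?"))
        if USER_WRITABLE.search(e.image):
            findings.append((e.pid, "image-in-user-writable-path", e.image))
        if img == "cmd.exe" and TEMP_BAT_VIA_CMD.search(e.cmdline) and USER_WRITABLE.search(e.parent_image):
            findings.append((e.pid, "temp-bat-via-cmd", e.cmdline))
    return findings


def findings_by_pid(events):
    """{pid: sorted rule ids}, convenient for comparing against expectations."""
    out = {}
    for pid, rule, _ in triage(events):
        out.setdefault(pid, set()).add(rule)
    return {pid: sorted(rules) for pid, rules in out.items()}


SAMPLE = r"C:\Users\admin\AppData\Local\Temp\f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe"
DROPPED = r"C:\Users\admin\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\JavaDeployReg.exe"
SVCHOST = r"C:\Windows\system32\svchost.exe"

# Constructed from the report's process table, plus one benign svchost.exe.
REPORT_EVENTS = [
    ProcEvent(2788, SAMPLE, f'"{SAMPLE}"', "admin", r"C:\Windows\explorer.exe"),
    ProcEvent(1260, DROPPED, f'"{DROPPED}"', "admin", SAMPLE),
    ProcEvent(1264, r"C:\Windows\system32\cmd.exe",
              r'"C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\updcca1f0fd.bat"',
              "admin", SAMPLE),
    ProcEvent(2976, SVCHOST, SVCHOST, "admin", DROPPED),
    ProcEvent(2508, SVCHOST, SVCHOST, "admin", DROPPED),
    ProcEvent(804, SVCHOST, SVCHOST + " -k netsvcs", r"NT AUTHORITY\SYSTEM",
              r"C:\Windows\system32\services.exe"),  # benign control record, constructed
]

if __name__ == "__main__":
    for pid, rule, detail in triage(REPORT_EVENTS):
        print(f"{pid:>5}  {rule:<28} {detail}")
```

The three svchost rules fire together on 2976 and 2508 and not at all on the control record; in a real telemetry pipeline the user and `-k` checks survive on Windows 10 largely unchanged, while the parent check needs the platform's current list of legitimate svchost.exe parents.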
(PID) Process: | (2976) svchost.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | WarnonBadCertRecving |
Value: 0 | |||
(PID) Process: | (2976) svchost.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | JavaDeployReg.exe |
Value: C:\Users\admin\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\JavaDeployReg.exe | |||
(PID) Process: | (2976) svchost.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Loabpy |
Operation: | write | Name: | Kike |
Value: (omitted in this extract) | |||
(PID) Process: | (2976) svchost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\Microsoft\Loabpy |
Operation: | write | Name: | Kike |
Value: E999A911F9FC54140C9D38EF9B05F0887B91BD8160B17EC54382DB0130DA6744856A3B5E07AFA877073950C85999115C8774A6261523872A8C1B749D20CAEE21A18FEB3F13813391BB8577F56D65858AB9C9E9A3399627F78DCBCCF3D4C75F605A351E6C91B6543EAD62A021F3B42CFBD231287CA5D43D9DD7FF3DB1510842E64B7008965E751E56ACA6642D71C1AAC463D0BD2BF8EF7CB98E1D56C6AEED7C71BEC1F7731387F8D1B04F3A947FD41CDE70FC05BDDD0D7FABA34ABC91A8FBC57D248C5297BBA4FC59148678F498A803660B6CCE4A1874E84A67E6C2764E4CAF4818037C59C81C6D53AD3AFB8129205713D86BF44FD868F32B697E649A54CC8BEAE7844619D65BEC5C8555F2FA6141349686F6D2A111FFA589DA5B988FAFD369860F74012FBA68E9CB6DD263C40589703D3B35B89626D4A490AA4295A828F19514DF70EA4D77575397B380EB6F8ED1690ACC14B09D208CA0C79DB1BEEF6C273E6BC641BDA64D0B7B9B8F3386FE145C0E3A3BC66B6777C8C71C4FC4609D6E6E0001311D1D0358E3839E10EB7B70D64990F59BD209B1C7C6DA6C6CC67C2E7AD9A3B0F242D4D5857E1A74E1DAF45D1969F20AEA0A6D1A47239195D07501D5B9DB04E75DCA5A30C1ED06D196237DB2180B59E94B121E5E29FBEA1D969642B826DF4C9F36C2C2E21511CC534DA39E6BA7BF0E4DE8DEA20AF8A91E35B5FB0EF4B627A6C0996BE4956A058B59416B8C1A658D0A58DAA2B6B3E556FCDCE3B5B2DD192E47BF329C6ACC6106E75AE4B0E6A41DEB3BF7F83310C65E76A5D990F35F39E870B86C84EA7B030439778B897D0D371A5C33A6B2589A7E410D7EB06938C4797EB9A016C0FE69EA791DF73B015C88D890A60387D1177D0988AD5E9BA96416A022A6B89186CCEA34BA6BB33E0D293C87467E3B74386EAB22B0206CEA8D980D6458856AF99EC1F8C83F5C81C8017BDE6E28C0F847DE9B195A02B61386C32B5ACB7A61D9CA6DB07D6C215E70AC9B0595B8D2115722E67D96970507B7DE956F6B5E912366C0D1AE9BC03C4163C40F48BEE61F98C91E7F5719E35845FC777ECF36954182EA3F907A706E7399E28F21A7B93C9E5F5D64E2E72D744460F2B016425FCE3D1A03DFF9309722F61C74C891193A2224B1A2A55A252F7F22331E7AF37F146CB9FA7A7E2029E0EDF5C197ED0BEACD688DC92454D464E8548FEE5CC27656C83E1363078CEBFBF8D55E95447D7861EC343AE3BEF28A08DD4FD243BA16D5FBEB7E5D2AA1D9627B02D83AF955C0A678E4376106D2E80808A17182ADD0F675C9A191E8B552CFD8DC545AD03CE38562876F62B17CA9284FE1459C0D2045F4E378F2B9FB54264F6060A0E06304AC0A0D96B5EDA94E5E55415A68B6238815FE5398B5858202770F4D570E2D9
18B649D47D8868D2E5C8956B4D82E1AE06DED3B96F7A8B8F54397E14A209FAEE29FB525F5F3AD9339E5DED92FDE71D37C74FE0DC6757B686FDBA3069C4A9F26558CC1A5D31F82ACAE98F0C83E99BD25187CBCFD196FB69BA0CE8B4E69D8DAA840E674C6F13A6841150C48469E946FAAF93919C7F2927AD0B9CB8DC430CF154499D3A864973CBAC8F3F32C9A1A4B7C47436790F060F645477C8D99AF18B9376A3646D586A9AB71937BBA106C53453E8AAB39D170B750FFBE36C8BF210BF9A32C3095D97FF24B6D95E1F0155AE64B44627533E949B5AF989226962742BFA365BF26E7BCD2D047AA56E8253873C314E13A3CB1189123EA8649CCD58A425101DD81351C46C403F0D617F583A689AB38483B3057B875DBEB1ED79742964184905BD5424F69204AA09BBAF48BCD0FF959F424189B8BFE51219C74505582F6275FAD22A450020A702443BD250131FA531D239EA91177D7EC15C97AAC446C790EEA9B2F291003DDDDDEA931AB87155A431C019F2EE117A52611D4FE8F5D316D53294237619B377F73D047350095AA195331F715CEC75D224D3D953C89E9C60003A7BF54B40114C3A8CC4EDCF32CBB81AB9D1AFC0635B6DF47B03F811E95F026BB83580AB00627B00BA6DB1029F35B85E648C979133894DAE9A2150802A38905388B891ADD8F4028809D1731CF31ACB0F13EFFFF2775DEE6361E49B836335C8574DF22946AA43A94DA7E52D3C3F903B900A2062A0950B0E07CC501A29A6AA47DC1BB9CD5C2F8B30FA358978D8CFCCFEB2C7C1DEE24FF88E8663DC863F87E759EEC0B1A92FF3265FC019CF5F09675E7EEE73C299077C25025864179595D8B1FBC458E58F884D26B6808E7CC7D689247696C0231743B1734BFCB162A48EDFABD51560A5FF781CAD2567341709D964AED4A89A055423DEE195F65BAAD5024E4D8306D6102DD505A4DF41EC6395ADA5BB4A2367B77ED4C20DF1A168D5A0520FC58F250FE345886AA9F450AC2950D490A153F41635CA810AB2941EFF273D4F7D7548AB78F12CB883155C37C86A4AA8E759EF50A1C8606C77BB16B2B6C08DD495B2BE48D8C3AAFC38E60060873EBAA8E5072E3 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\Microsoft\Loabpy |
Operation: | write | Name: | Kike |
Value: (omitted in this extract) | |||
(PID) Process: | (2976) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
(PID) Process: | (2976) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | EnableConsoleTracing |
Value: 0 | |||
(PID) Process: | (2976) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | FileTracingMask |
Value: 4294901760 | |||
(PID) Process: | (2976) svchost.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 |
Operation: | write | Name: | ConsoleTracingMask |
Value: 4294901760 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2788 | f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe | C:\Users\admin\AppData\Local\Temp\updcca1f0fd.bat | text | BF9EC68B5AF3ED143ABC39A28BCA89C0 | 86B3CFF04F06BEE091B731B9E296C1FB0EDC37E9FCB1B1A398170E6CAAF97911 |
2976 | svchost.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js | text | FA8BD09404C681E25308382E70D8DEB2 | 296F4F814FD022602A24435047F0F44816CF900211FB2FBF32FE068DE15BE261 |
2788 | f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe | C:\Users\admin\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\JavaDeployReg.exe | executable | 99820592897D0FDE194B51086DB4F5FF | F1463E608272A17277311174668CC8A67BDFFC60267613E6E853C98542FF9E6B |
2976 | svchost.exe | C:\Users\admin\Desktop\Google Chrome.lnk | lnk | 1396986376C8CBC99462D2EF4593665E | BE0D318B7B928905B8ABDA7BCED5650F4D3A1242D66277FC6ADA17DF0EA04312 |
2976 | svchost.exe | C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk | lnk | 37BADF5B93F8B5F269B99A82FA4F8B08 | 3073939456F5D291426DFDEFDF6C302EAD6E74BB487FF9664E198EF2794D7760 |
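Read together, the registry and file tables describe the payload's persistence and tampering: the dropped JavaDeployReg.exe has the same MD5/SHA256 as the sample (a straight self-copy parked under a legitimate vendor's cache directory), a Run key points at it, the IE warning for bad server certificates is switched off (WarnonBadCertRecving = 0), an opaque multi-kilobyte hex blob is stored under HKCU\Software\Microsoft\Loabpy\Kike, Firefox's prefs.js is rewritten, and both Google Chrome shortcuts (Desktop and pinned taskbar) are modified. As an added example that is not part of the any.run report, the Python below turns those observations into triage rules and runs them over records constructed by hand from the two tables. The record layout and rule names are this example's own; the Kike value is stood in for by a constructed random blob of similar size rather than copied, and the two extra Internet Settings names alongside WarnonBadCertRecving are analogous values added by this example, not ones the report shows.

```python
r"""Triage of the registry and file tables above.

Added example, not part of the any.run report. Records are constructed
from the tables; the ~3 KB hex value written to
HKCU\Software\Microsoft\Loabpy\Kike is replaced by a random blob.
"""
import random
import re
from dataclasses import dataclass

SAMPLE_SHA256 = "F1463E608272A17277311174668CC8A67BDFFC60267613E6E853C98542FF9E6B"
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\", re.I)
# Internet Settings values that silence a user-facing warning when set to 0.
IE_WARNING_VALUES = {"warnonbadcertrecving", "warnonzonecrossing", "certificaterevocation"}
TRACING_KEY = re.compile(r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\", re.I)
HEX_BLOB = re.compile(r"^[0-9A-Fa-f]{512,}$")
BROWSER_LNK = re.compile(
    r"\\(Desktop|Quick Launch\\User Pinned\\TaskBar)\\[^\\]*(Chrome|Firefox|Internet Explorer)[^\\]*\.lnk$", re.I)


@dataclass
class RegWrite:
    pid: int
    process: str
    key: str
    name: str
    value: str


@dataclass
class FileWrite:
    pid: int
    process: str
    path: str
    ftype: str
    sha256: str


def triage_registry(writes):
    """(severity, pid, rule_id, detail) for each noteworthy registry write."""
    out = []
    for w in writes:
        key, name = w.key.lower(), w.name.lower()
        if RUN_KEY.search(w.key) and USER_WRITABLE.search(w.value):
            out.append(("high", w.pid, "run-key-persistence", f"{w.name} -> {w.value}"))
        elif key.endswith("\\internet settings") and name in IE_WARNING_VALUES and w.value.strip() == "0":
            out.append(("high", w.pid, "ie-warning-disabled", w.name))
        elif HEX_BLOB.match(w.value):
            out.append(("medium", w.pid, "opaque-blob-in-registry", f"{w.key}\\{w.name}: {len(w.value) // 2} bytes"))
        elif TRACING_KEY.match(w.key):
            # Written by rasapi32.dll's tracing setup in any process that loads it; benign on its own.
            out.append(("info", w.pid, "rasapi32-tracing-keys", w.name))
    return out


def triage_files(writes, sample_sha256=SAMPLE_SHA256):
    """(severity, pid, rule_id, detail) for each noteworthy file write."""
    out = []
    for f in writes:
        path = f.path.lower()
        if f.ftype == "executable" and f.sha256.upper() == sample_sha256.upper():
            out.append(("high", f.pid, "self-copy", f.path))
        if BROWSER_LNK.search(f.path):
            out.append(("high", f.pid, "browser-shortcut-modified", f.path))
        if path.endswith("\\prefs.js") and "\\mozilla\\firefox\\profiles\\" in path and "firefox" not in f.process.lower():
            out.append(("medium", f.pid, "firefox-prefs-tampered", f"written by {f.process}"))
        if f.ftype == "text" and path.endswith(".bat") and USER_WRITABLE.search(f.path):
            out.append(("low", f.pid, "batch-dropped-in-temp", f.path))
    return out


SAMPLE_NAME = "f1463e608272a17277311174668cc8a67bdffc60267613e6e853c98542ff9e6b.exe"
DROPPED = r"C:\Users\admin\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cache\JavaDeployReg.exe"
HKCU_MS = r"HKEY_CURRENT_USER\Software\Microsoft"
TRACING = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32"
FAKE_BLOB = bytes(random.Random(7).getrandbits(8) for _ in range(1024)).hex().upper()  # constructed stand-in

REPORT_REG_WRITES = [
    RegWrite(2976, "svchost.exe", HKCU_MS + r"\Windows\CurrentVersion\Internet Settings", "WarnonBadCertRecving", "0"),
    RegWrite(2976, "svchost.exe", HKCU_MS + r"\Windows\CurrentVersion\Run", "JavaDeployReg.exe", DROPPED),
    RegWrite(2976, "svchost.exe", HKCU_MS + r"\Loabpy", "Kike", FAKE_BLOB),
    RegWrite(2976, "svchost.exe", r"HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E", "LanguageList", "en-US"),
    RegWrite(2976, "svchost.exe", TRACING, "EnableFileTracing", "0"),
    RegWrite(2976, "svchost.exe", TRACING, "EnableConsoleTracing", "0"),
    RegWrite(2976, "svchost.exe", TRACING, "FileTracingMask", "4294901760"),
    RegWrite(2976, "svchost.exe", TRACING, "ConsoleTracingMask", "4294901760"),
]
REPORT_FILE_WRITES = [
    FileWrite(2788, SAMPLE_NAME, r"C:\Users\admin\AppData\Local\Temp\updcca1f0fd.bat", "text",
              "86B3CFF04F06BEE091B731B9E296C1FB0EDC37E9FCB1B1A398170E6CAAF97911"),
    FileWrite(2976, "svchost.exe", r"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js",
              "text", "296F4F814FD022602A24435047F0F44816CF900211FB2FBF32FE068DE15BE261"),
    FileWrite(2788, SAMPLE_NAME, DROPPED, "executable", SAMPLE_SHA256),
    FileWrite(2976, "svchost.exe", r"C:\Users\admin\Desktop\Google Chrome.lnk", "lnk",
              "BE0D318B7B928905B8ABDA7BCED5650F4D3A1242D66277FC6ADA17DF0EA04312"),
    FileWrite(2976, "svchost.exe", r"C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk",
              "lnk", "3073939456F5D291426DFDEFDF6C302EAD6E74BB487FF9664E198EF2794D7760"),
]

if __name__ == "__main__":
    for finding in triage_registry(REPORT_REG_WRITES) + triage_files(REPORT_FILE_WRITES):
        print(*finding, sep="  ")
```

The four writes under HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32 are deliberately graded informational: that key is created by rasapi32.dll's tracing initialisation in any process that loads it (WinINet and WinHTTP pull it in), so it shows the injected svchost.exe touched a networking API, consistent with the DNS query below, not that it tampered with anything. The MuiCache LanguageList write matches no rule and is dropped, which is the intended behaviour for shell housekeeping noise.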
Domain | IP | Reputation |
---|---|---|
mealsanywhere.top | — | unknown |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query to a *.top domain - Likely Hostile |