
String found in binary or memory: s.python.org)
String found in binary or memory: syndication.org/2006/appsynapplicationaputil.cppupgradeexclusivetrueenclosuredigestalgor

String found in binary or memory: syndication.org/2006/appsyn

Source: vcredist_x64.exe, VC_redist.x64.exe
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
File opened: C:\Users\user\AppData\Roaming
File opened: C:\Users\user\AppData\Roaming\Microsoft
Contains functionality to download additional files from the internet
Code function: 9_2_00AE5B3C InternetReadFile,WriteFile,WriteFile,GetLastError,GetLastError, Source: C:\ProgramData\Package Cache\\VC_redist.x64.exe
Code function: 15_2_6D2767A4 FindFirstFileW,FindClose, Source: C:\Users\user\AppData\Local\Temp\vc2017\vcredist_x64.exe
Code function: 9_2_00AB6529 DecryptFileW,DecryptFileW,
Code function: 9_2_00ADC520 CryptAcquireContextW,GetLastError,CryptCreateHash,GetLastError,CryptHashData,ReadFile,GetLastError,CryptDestroyHash,CryptReleaseContext,GetLastError,CryptGetHashParam,GetLastError,SetFilePointerEx,GetLastError,
Code function: 9_2_00AB57A2 CryptHashPublicKeyInfo,_memcmp,_memcmp,GetLastError,
Code function: 9_2_00AB6747 DecryptFileW,
Code function: 9_2_00AB5919 CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,CryptCATAdminCalcHashFromFileHandle,GetLastError,GetLastError,GetLastError,WinVerifyTrust,WinVerifyTrust,WinVerifyTrust,

Uses Microsoft's Enhanced Cryptographic Provider
Remotely Track Device Without Authorization
Deobfuscate/Decode Files or Information 1
Exfiltration Over Command and Control Channel

Eavesdrop on Insecure Network Communication
