5.11_setu p.exeĬode function: 0_2_00405B EC GetModu leHandleW, GetProcAdd ress,lstrc pynW,lstrc pynW,lstrc pynW,FindF irstFileW, FindClose, lstrlenW,l strcpynW,l strlenW,ls trcpynW,Ĭode function: 3_2_00405B EC GetModu leHandleW, GetProcAdd ress,lstrc pynW,lstrc pynW,lstrc pynW,FindF irstFileW, FindClose, lstrlenW,l strcpynW,l strlenW,ls trcpynW, Source: C:\Users\u ser\Deskto p\ActivePr esenter_v7. Standard Non-Application Layer Protocol 2Įxfiltration Over Command and Control ChannelĬontains functionality to enumerate / list files inside a directory Remotely Track Device Without Authorizationĭeobfuscate/Decode Files or Information 1 Report size getting too big, too many NtWriteFile calls found.Įavesdrop on Insecure Network Communication.Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.Report size getting too big, too many NtQueryValueKey calls found.Report size getting too big, too many NtQueryAttributesFile calls found.Report size getting too big, too many NtProtectVirtualMemory calls found.Report size getting too big, too many NtOpenKeyEx calls found.Report size getting too big, too many NtOpenFile calls found.Report size getting too big, too many NtFsControlFile calls found.Report size getting too big, too many NtCreateFile calls found.Report size exceeded maximum capacity and may have missing disassembly code.Report size exceeded maximum capacity and may have missing behavior information.Excluded domains from analysis (whitelisted): gstaticadssl.l.,, , ie9comview.vo.,, c.,, ,, ,, , .,.Exclude process from analysis (whitelisted): dllhost.exe, rundll32.exe, browser_broker.exe, RuntimeBroker.exe, conhost.exe, CompatTelRunner.exe, svchost.exe.
0 kommentar(er)
