Windows
Analysis Report
CuteWriter.exe
Overview
General Information
Detection
Score: 24
Range: 0 - 100
Whitelisted: false
Confidence: 20%
Compliance
Score: 36
Range: 0 - 100
Signatures
Found direct / indirect Syscall (likely to bypass EDR)
Installs a global event hook (focus changed)
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTML page contains hidden URLs or javascript code
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
Analysis Advice
Sample may offer command line options; please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like "-", "/", "--")
Sample drops PE files which have not been started; submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior
Sample searches for a specific file; try pointing organization-specific fake files to the analysis machine
- System is w10x64
- cleanup
No configs have been found
No yara matches
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
No Snort rule has matched