Source: 7.5RabbitFix_V9.exe |
Virustotal: Detection: 7% |
Source: 7.5RabbitFix_V9.exe |
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE |
Source: 7.5RabbitFix_V9.exe |
Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Source: C:\Users\user\Desktop\7.5RabbitFix_V9.exe |
Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security |
Source: C:\Users\user\Desktop\7.5RabbitFix_V9.exe |
Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell |
Source: C:\Users\user\Desktop\7.5RabbitFix_V9.exe |
Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System |
Source: C:\Users\user\Desktop\7.5RabbitFix_V9.exe |
Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell |
Source: 7.5RabbitFix_V9.exe, PS2EXE.cs |
Long String: Length: 12988 |
Source: 7.5RabbitFix_V9.exe, PS2EXE.cs |
Base64 encoded string |