Windows Analysis Report
4mDVpaKpPG.exe

Overview

General Information

Sample name: 4mDVpaKpPG.exe (renamed because the original name is a hash value)
Original sample name: 31d8a22725d41426e757c62569f9a065.exe
Analysis ID: 1615265
MD5: 31d8a22725d41426e757c62569f9a065
SHA1: c056a3927a2eb4f0f3fb332aac3f7435f465abbe
SHA256: b321e84fc8051267a268d713c99c0abbb9fe563390218b7bfa1a1df16cef0306
Tags: exe, ValleyRAT, user-abuse_ch

Detection

Score: 48
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
File is packed with WinRar
IP address seen in connection with other malware
PE file contains sections with non-standard names

Classification (the classification graph is not reproduced in this export)

Process Tree

  • System is w10x64
  • 4mDVpaKpPG.exe (PID: 6844 cmdline: "C:\Users\user\Desktop\4mDVpaKpPG.exe" MD5: 31D8A22725D41426E757C62569F9A065)
    • chrome.exe (PID: 6112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://t.me/setlanguage/abcxyz MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6548 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1924,i,16418043321853965406,12002353379592528226,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: 4mDVpaKpPG.exe; Virustotal: Detection: 50%
Source: 4mDVpaKpPG.exe; ReversingLabs: Detection: 59%
Source: 4mDVpaKpPG.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb; source: 4mDVpaKpPG.exe
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2BB110 SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF6EC2BB110
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2A407C FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF6EC2A407C
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2CFC20 FindFirstFileExA, 0_2_00007FF6EC2CFC20
Source: Joe Sandbox View; IP address: 239.255.255.250 (the SSDP multicast address, i.e. local discovery noise rather than contact with a remote host)
Source: Joe Sandbox View; IP address: 149.154.167.99 (listed twice; the address lies in Telegram's 149.154.160.0/20 range, consistent with the t.me and telegram.org queries below)
Source: unknown; TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown; TCP traffic detected without corresponding DNS query: 199.232.214.172 (four connections)
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1 (eight datagrams; 1.1.1.1 is Cloudflare's public resolver, so this is the DNS traffic itself, not a covert channel)
All HTTP requests below carry the Chrome/117 User-Agent and a Referer chain starting at https://t.me/; they are the spawned browser loading the Telegram landing page and its static assets, not requests issued by the SFX binary itself.
Source: global traffic; HTTP traffic detected: GET /setlanguage/abcxyz HTTP/1.1 | Host: t.me | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /css/font-roboto.css?1 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://t.me/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://t.me/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /css/telegram.css?244 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://t.me/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://t.me/ | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /img/tgme/pattern.svg?1 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://telegram.org/css/telegram.css?244 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://t.me | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: font | Referer: https://telegram.org/css/font-roboto.css?1 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" | Origin: https://t.me | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: cross-site | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: font | Referer: https://telegram.org/css/font-roboto.css?1 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected: GET /img/tgme/pattern.svg?1 HTTP/1.1 | Host: telegram.org | Connection: keep-alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: */* | Sec-Fetch-Site: none | Sec-Fetch-Mode: cors | Sec-Fetch-Dest: empty | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic; DNS traffic detected: DNS query: t.me
Source: global traffic; DNS traffic detected: DNS query: telegram.org
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: chromecache_49.3.dr; String found in binary or memory: http://getbootstrap.com)
Source: chromecache_49.3.dr; String found in binary or memory: http://getbootstrap.com/customize/?id=92d2ac1b31978642b6b6)
Source: chromecache_49.3.dr; String found in binary or memory: https://gist.github.com/92d2ac1b31978642b6b6
Source: chromecache_49.3.dr; String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_52.3.dr; String found in binary or memory: https://osx.telegram.org/updates/site/artboard.png)
Source: chromecache_52.3.dr; String found in binary or memory: https://osx.telegram.org/updates/site/artboard_2x.png);
Source: 4mDVpaKpPG.exe; String found in binary or memory: https://t.me/setlanguage/abcxyz
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A66FE6000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://t.me/setlanguage/abcxyz$d
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A66FE6000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://t.me/setlanguage/abcxyz0f)
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A6701C000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://t.me/setlanguage/abcxyz4
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A6701C000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://t.me/setlanguage/abcxyz=
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A6701C000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://t.me/setlanguage/abcxyzX
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A66FDB000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://t.me/setlanguage/abcxyzeha
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A6701C000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://t.me/setlanguage/abcxyzl
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A66FE6000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: https://t.me/setlanguage/abcxyzrosoft
Source: unknown; Network traffic detected: HTTP traffic on port 443, logged in both directions for local ports 49731, 49738, 49739, 49740, 49741, 49743, 49744, 49745, 49746, 49748, 49749 and 49792, and outbound only for 49675 -> 443
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC29C300 CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, 0_2_00007FF6EC29C300
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code functions listed by address only (0_2_00007FF6EC2C06D4 appeared twice in the export and is given once here):
0_2_00007FF6EC295E2C, 0_2_00007FF6EC2BCE08, 0_2_00007FF6EC2BB110, 0_2_00007FF6EC2C06D4, 0_2_00007FF6EC2AA46C, 0_2_00007FF6EC2B8D74, 0_2_00007FF6EC2B1EA0, 0_2_00007FF6EC2AAED4, 0_2_00007FF6EC2D2000, 0_2_00007FF6EC2AF100,
0_2_00007FF6EC29F940, 0_2_00007FF6EC2B2A30, 0_2_00007FF6EC2CFA14, 0_2_00007FF6EC2A1A00, 0_2_00007FF6EC291AA4, 0_2_00007FF6EC2D5A78, 0_2_00007FF6EC2A5B20, 0_2_00007FF6EC2B4B18, 0_2_00007FF6EC2ABB4C, 0_2_00007FF6EC2C8B9C,
0_2_00007FF6EC2B2CD8, 0_2_00007FF6EC29A664, 0_2_00007FF6EC2976C0, 0_2_00007FF6EC2CC7B8, 0_2_00007FF6EC294840, 0_2_00007FF6EC2A48E8, 0_2_00007FF6EC2B38E4, 0_2_00007FF6EC2AC928, 0_2_00007FF6EC2C8920, 0_2_00007FF6EC2B2150,
0_2_00007FF6EC2A1224, 0_2_00007FF6EC297288, 0_2_00007FF6EC29C300, 0_2_00007FF6EC29A2FC, 0_2_00007FF6EC2B5370, 0_2_00007FF6EC2B3404, 0_2_00007FF6EC2AB4F0, 0_2_00007FF6EC2D24D0
Source: classification engine; Classification label: mal48.winEXE@17/16@8/6
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC29B6E8 GetLastError,FormatMessageW,LocalFree, 0_2_00007FF6EC29B6E8
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2B85A4 FindResourceExW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, 0_2_00007FF6EC2B85A4
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_4542921 (the WinRAR SFX stub's probe for write access to its extraction directory; a reliable host-based marker for SFX stubs in general, not for this family)
Source: 4mDVpaKpPG.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; File read: C:\Users\user\Desktop\4mDVpaKpPG.exe
Source: unknown; Process created: C:\Users\user\Desktop\4mDVpaKpPG.exe "C:\Users\user\Desktop\4mDVpaKpPG.exe"
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://t.me/setlanguage/abcxyz
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1924,i,16418043321853965406,12002353379592528226,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown (12 further Chrome child processes whose command lines the sandbox did not resolve)
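The process tree and the process-creation entries above capture the one behaviour the sandbox actually observed: a WinRAR SFX stub on the Desktop writes its __tmp_rar_sfx_access_check_ probe file and then launches chrome.exe with a t.me URL. The following Python is an added example, not Joe Sandbox code and not code from the sample, of turning that into a detection over endpoint telemetry. The event records are constructed in the spirit of Sysmon Event ID 1 (process create) and 11 (file create) with assumed field names (pid, ppid, image, cmdline, target); the SFX's own parent is assumed to be explorer.exe because the report lists it as unknown, and a benign control (Explorer launching Chrome with the same URL) is included to show the rule does not fire on an ordinary link click.

```python
import re

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}
# Parent locations from which a browser launch carrying a URL deserves a look: user-writable, not a program directory.
USER_WRITABLE_PARENT = re.compile(r"\\Users\\[^\\]+\\(Desktop|Downloads|AppData\\Local\\Temp)\\", re.I)
URL_IN_CMDLINE = re.compile(r"""https?://[^\s"']+""")
# File the WinRAR SFX stub creates to test write access to its extraction directory (seen in the report).
SFX_ACCESS_CHECK = re.compile(r"\\__tmp_rar_sfx_access_check_\d+$", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def flag_sfx_browser_launches(events):
    """Correlate process-creation and file-creation events; return one finding per suspicious browser launch."""
    procs = {e["pid"]: e for e in events if e["event"] == "process_create"}
    # PIDs that wrote the SFX access-check file: strong evidence the parent is a WinRAR SFX stub.
    sfx_pids = {e["pid"] for e in events
                if e["event"] == "file_create" and SFX_ACCESS_CHECK.search(e["target"])}
    findings = []
    for e in events:
        if e["event"] != "process_create" or basename(e["image"]) not in BROWSERS:
            continue
        if "--type=" in e["cmdline"]:
            continue  # Chromium helper process spawned by the browser itself, never the initial launch
        url = URL_IN_CMDLINE.search(e["cmdline"])
        parent = procs.get(e["ppid"])
        if url is None or parent is None:
            continue
        # Browser-spawned-by-browser and launches from system/program directories are ordinary.
        if basename(parent["image"]) in BROWSERS or not USER_WRITABLE_PARENT.search(parent["image"]):
            continue
        findings.append({
            "parent_pid": parent["pid"],
            "parent_image": parent["image"],
            "child_pid": e["pid"],
            "url": url.group(0),
            "winrar_sfx": parent["pid"] in sfx_pids,
        })
    return findings


# Constructed events modelled on the report's process tree (assumed field names; explorer.exe parent assumed).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SFX = r"C:\Users\user\Desktop\4mDVpaKpPG.exe"
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 4212, "ppid": 800, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"event": "process_create", "pid": 6844, "ppid": 4212, "image": SFX, "cmdline": f'"{SFX}"'},
    {"event": "file_create", "pid": 6844,
     "target": r"C:\Users\user\Desktop\__tmp_rar_sfx_access_check_4542921"},
    {"event": "process_create", "pid": 6112, "ppid": 6844, "image": CHROME,
     "cmdline": f'"{CHROME}" --start-maximized --single-argument https://t.me/setlanguage/abcxyz'},
    {"event": "process_create", "pid": 6548, "ppid": 6112, "image": CHROME,
     "cmdline": f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService'},
    # Benign control: the user clicks a link in Explorer; same URL, different parent, must not fire.
    {"event": "process_create", "pid": 7001, "ppid": 4212, "image": CHROME,
     "cmdline": f'"{CHROME}" --single-argument https://t.me/setlanguage/abcxyz'},
]

if __name__ == "__main__":
    for finding in flag_sfx_browser_launches(SAMPLE_EVENTS):
        print(finding)
```

The parent-path filter is deliberately narrow; in a real deployment it would be widened to whatever user-writable paths the estate allows executables to run from, and the winrar_sfx flag would raise severity rather than gate the alert, since an SFX that extracts and runs a payload would not necessarily spawn a browser at all.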
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Sections loaded (in order): version.dll, dxgidebug.dll, sfc_os.dll, sspicli.dll, rsaenh.dll, uxtheme.dll, dwmapi.dll, cryptbase.dll, riched20.dll, usp10.dll, msls31.dll, kernel.appcore.dll, windowscodecs.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll (three times), windows.storage.dll, wldp.dll, propsys.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.shell.servicehostbuilder.dll, onecoreuapcommonproxystub.dll, ieframe.dll, netapi32.dll, userenv.dll, winhttp.dll, wkscli.dll, windows.staterepositoryps.dll, edputil.dll, secur32.dll, mlang.dll, wininet.dll, profapi.dll, policymanager.dll, msvcp110_win.dll, onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations
Source: 4mDVpaKpPG.exe; Static PE information: Image base 0x140000000 > 0x60000000 (0x140000000 is the MSVC default link-time base for 64-bit executables, so this is not an anomaly)
Source: 4mDVpaKpPG.exe; Static PE information: data directory types present: IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_BASERELOC, IMAGE_DIRECTORY_ENTRY_DEBUG, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, IMAGE_DIRECTORY_ENTRY_IAT
Source: 4mDVpaKpPG.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 4mDVpaKpPG.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 4mDVpaKpPG.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 4mDVpaKpPG.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 4mDVpaKpPG.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: 4mDVpaKpPG.exe; Static PE information: section name: .didat
Source: 4mDVpaKpPG.exe; Static PE information: section name: _RDATA
Both section names are routinely emitted by the MSVC toolchain (.didat holds delay-import data, _RDATA is CRT read-only data), so the "non-standard section names" signature carries little weight on its own; the sfxrar.pdb path is the static finding that actually characterises this file as a WinRAR self-extracting stub.
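The static PE findings above (the DllCharacteristics flags, the image base, the section names and the sfxrar.pdb path) can be reproduced without a sandbox by decoding a handful of header fields. The following Python is an added example, not Joe Sandbox code, that does exactly that. Because the sample itself is not on this page, the block builds its own minimal PE32+ byte string as constructed input, with an assumed section list and the report's PDB string embedded in the body; the PDB check is a raw string scan rather than a walk of the debug directory, which is a deliberate simplification.

```python
import json
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (PE/COFF specification).
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# Section names this triage treats as standard; anything else is reported (as the sandbox signature does).
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                     ".idata", ".edata", ".tls", ".bss"}
# Substrings of the PDB path that identify the WinRAR SFX stub (from the report's binary string).
SFX_PDB_MARKERS = (b"sfxrar.pdb", b"\\WinRAR\\sfx\\")
IMAGE_BASE_THRESHOLD = 0x60000000   # threshold used by the sandbox signature
X64_DEFAULT_EXE_BASE = 0x140000000  # MSVC default link base for 64-bit executables


def build_sample_pe(section_names, dll_characteristics, embedded_strings):
    """Construct a minimal, non-runnable PE32+ image as test input (constructed; not the real sample)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # COFF header: AMD64, N sections, 240-byte optional header, EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE.
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                  # PE32+ magic
    struct.pack_into("<Q", opt, 24, X64_DEFAULT_EXE_BASE)  # ImageBase
    struct.pack_into("<H", opt, 70, dll_characteristics)   # DllCharacteristics
    body = b"\x00".join(embedded_strings) + b"\x00"
    raw_ptr = e_lfanew + 4 + len(coff) + len(opt) + 40 * len(section_names)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), len(body), 0x1000, len(body),
                    raw_ptr, 0, 0, 0, 0, 0x60000020)
        for name in section_names)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + sections + body


def triage_pe(data):
    """Decode the header fields a static triage cares about and return the findings as a dict."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    pe32plus = struct.unpack_from("<H", data, opt_off)[0] == 0x20B
    # ImageBase is a QWORD at +24 in PE32+ and a DWORD at +28 in PE32; DllCharacteristics sits at +70 in both.
    image_base = struct.unpack_from("<Q" if pe32plus else "<I", data,
                                    opt_off + (24 if pe32plus else 28))[0]
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]
    flags = [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit]
    sec_off = opt_off + opt_size
    names = [struct.unpack_from("<8s", data, sec_off + 40 * i)[0].rstrip(b"\x00").decode("ascii", "replace")
             for i in range(n_sections)]
    return {
        "machine": hex(machine),
        "pe32plus": pe32plus,
        "image_base": hex(image_base),
        "image_base_above_threshold": image_base > IMAGE_BASE_THRESHOLD,
        "image_base_is_x64_default": image_base == X64_DEFAULT_EXE_BASE,
        "dll_characteristics": flags,
        "sections": names,
        "nonstandard_sections": [n for n in names if n not in STANDARD_SECTIONS],
        # Simplification: a raw scan of the image instead of reading the CodeView record in the debug directory.
        "winrar_sfx_pdb": any(marker in data for marker in SFX_PDB_MARKERS),
    }


# Constructed input reproducing the report's static findings (the full section list is assumed).
SAMPLE_PE = build_sample_pe(
    [".text", ".rdata", ".data", ".pdata", ".didat", "_RDATA", ".rsrc", ".reloc"],
    0x0020 | 0x0040 | 0x0100 | 0x4000 | 0x8000,
    [b"D:\\Projects\\WinRAR\\sfx\\build\\sfxrar64\\Release\\sfxrar.pdb",
     b"https://t.me/setlanguage/abcxyz"],
)

if __name__ == "__main__":
    print(json.dumps(triage_pe(SAMPLE_PE), indent=2))
```

Run against a real file with `triage_pe(open(path, "rb").read())`. The output separates the two low-signal findings (image base at the 64-bit default, MSVC-emitted section names) from the one that matters (the sfxrar.pdb marker), which is the distinction a triage queue needs before anyone opens the archive payload.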
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2C1624 VirtualQuery,GetSystemInfo, 0_2_00007FF6EC2C1624
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A6701C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}o
Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A6701C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2C30F0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF6EC2C30F0
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2D0CA0 GetProcessHeap, 0_2_00007FF6EC2D0CA0
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2C7658 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF6EC2C7658
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2C32D4 SetUnhandledExceptionFilter, 0_2_00007FF6EC2C32D4
Source: C:\Users\user\Desktop\4mDVpaKpPG.exe; Code function: 0_2_00007FF6EC2C2490 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF6EC2C2490
The IsProcessorFeaturePresent / RtlCaptureContext / RtlLookupFunctionEntry / RtlVirtualUnwind / IsDebuggerPresent / SetUnhandledExceptionFilter / UnhandledExceptionFilter sequences at 0_2_00007FF6EC2C30F0 and 0_2_00007FF6EC2C7658 are the MSVC CRT's fast-fail and security-failure reporting boilerplate, present in essentially every modern MSVC x64 binary; together with the lone GetProcessHeap call they account for the "IsDebuggerPresent" and "GetProcessHeap" signatures, and neither is evidence of deliberate anti-debugging in this stub.
Source: C:\Users\user\Desktop\4mDVpaKpPG.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://t.me/setlanguage/abcxyzJump to behavior
Source: C:\Users\user\Desktop\4mDVpaKpPG.exeCode function: 0_2_00007FF6EC2ADBEC cpuid 0_2_00007FF6EC2ADBEC
Source: C:\Users\user\Desktop\4mDVpaKpPG.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00007FF6EC2BA24C
Source: C:\Users\user\Desktop\4mDVpaKpPG.exeCode function: 0_2_00007FF6EC2C06D4 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,0_2_00007FF6EC2C06D4
Source: C:\Users\user\Desktop\4mDVpaKpPG.exeCode function: 0_2_00007FF6EC2A4E70 GetVersionExW,0_2_00007FF6EC2A4E70
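The evidence lines above are per-function API call sequences, and two of them deserve a second look before they are read as intent. The run RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter (at 0_2_00007FF6EC2C30F0 and 0_2_00007FF6EC2C7658) is the tail of the MSVC CRT's __scrt_fastfail, and SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess (0_2_00007FF6EC2C2490) is the CRT's /GS failure reporter; both are linked into any C/C++ binary built with the Microsoft toolchain, so the IsDebuggerPresent there is compiler boilerplate rather than a debugger check the author wrote. CreateFileMappingW, MapViewOfFile, ShellExecuteExW, WaitForInputIdle in 0_2_00007FF6EC2BB110 together with GetCommandLineW, OpenFileMappingW, MapViewOfFile in 0_2_00007FF6EC2C06D4 is the shape of a stub that re-launches itself and hands state to the child through a shared section. A VMware device-interface path sitting in process memory shows that the sample touched that device namespace; on its own it does not show a VM check.

The Python triage helper below is an added example, not Joe Sandbox code and not part of the sample. It parses lines of the shape shown above, tags the CRT boilerplate before deciding whether an IsDebuggerPresent is a real check, flags the relaunch-through-shared-mapping pattern and hypervisor vendor strings, and runs over sample lines constructed from the evidence above (trimmed to the relevant calls, plus one constructed counter-example with a bare IsDebuggerPresent). The pattern tables, tag names and the counter-example address are this example's own assumptions.

```python
"""Triage helper for sandbox evidence lines of the shape
'Source: <file> | Code function: <addr> API,API,...,<addr>' and
'Source: <dump> | Binary or memory string: <text>'.

Added example for this report page; not Joe Sandbox code, not part of the
sample. Pattern tables and tag names are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ADDR_RE = re.compile(r"\d+_\d+_[0-9A-Fa-f]{8,16}")
LINE_RE = re.compile(r"Source:\s*(.*?)\s*\|\s*(Code function|Binary or memory string):\s*(.*)$")

# Tail of the MSVC CRT's __scrt_fastfail: capture context, then IsDebuggerPresent,
# then the unhandled-exception-filter dance. Linked into every MSVC-built binary,
# so the IsDebuggerPresent inside this run is compiler boilerplate.
CRT_FASTFAIL = ("RtlCaptureContext", "RtlLookupFunctionEntry", "RtlVirtualUnwind",
                "IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter")
# MSVC CRT /GS failure reporter: reset the filter, report, terminate.
CRT_GS_FAILURE = ("SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
                  "GetCurrentProcess", "TerminateProcess")
# Parent passes state through a file mapping and starts a copy with ShellExecuteEx;
# the child reads its command line and opens that mapping.
RELAUNCH_PARENT = {"CreateFileMappingW", "MapViewOfFile", "ShellExecuteExW", "WaitForInputIdle"}
RELAUNCH_CHILD = {"GetCommandLineW", "OpenFileMappingW", "MapViewOfFile"}
FINGERPRINT = {"cpuid", "GetSystemInfo", "GetVersionExW", "GetLocaleInfoW"}
HYPERVISOR_TOKENS = ("VMware", "NECVMWar", "VBOX", "VirtualBox", "QEMU", "Hyper-V", "Msft Virtual")


@dataclass
class Evidence:
    source: str
    kind: str                      # "code" or "string"
    address: Optional[str]
    apis: List[str]
    text: str
    tags: List[str] = field(default_factory=list)


def contains_run(seq, pattern):
    """True if `pattern` occurs as a contiguous run inside `seq`."""
    n = len(pattern)
    return any(tuple(seq[i:i + n]) == pattern for i in range(len(seq) - n + 1))


def parse_line(line):
    """Split one evidence line into source and payload; None if the shape does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    source, label, body = m.groups()
    if label == "Code function":
        addrs = ADDR_RE.findall(body)
        # Drop the leading/trailing function addresses; what remains are API names.
        apis = [t for t in re.split(r"[,\s]+", body) if t and not ADDR_RE.fullmatch(t)]
        return Evidence(source, "code", addrs[0] if addrs else None, apis, body)
    return Evidence(source, "string", None, [], body)


def classify(ev):
    """Attach tags; CRT boilerplate is recognised before any anti-debug verdict."""
    if ev.kind == "code":
        apis = set(ev.apis)
        if contains_run(ev.apis, CRT_FASTFAIL):
            ev.tags.append("msvc_crt_fastfail")
        if contains_run(ev.apis, CRT_GS_FAILURE):
            ev.tags.append("msvc_crt_gs_failure")
        if "IsDebuggerPresent" in apis and "msvc_crt_fastfail" not in ev.tags:
            ev.tags.append("debugger_check")
        if RELAUNCH_PARENT <= apis:
            ev.tags.append("relaunch_parent_shared_mapping")
        if RELAUNCH_CHILD <= apis:
            ev.tags.append("relaunch_child_shared_mapping")
        if apis & FINGERPRINT:
            ev.tags.append("system_fingerprint")
    elif any(tok.lower() in ev.text.lower() for tok in HYPERVISOR_TOKENS):
        # A hypervisor device path in memory is tagged, not treated as a VM check.
        ev.tags.append("hypervisor_device_string")
    return ev


def triage(lines):
    """Parse and classify every recognised line; unrecognised lines are skipped."""
    return [classify(ev) for ev in map(parse_line, lines) if ev is not None]


# Constructed sample input: trimmed copies of the report's evidence lines plus one
# constructed counter-example (last line) with a bare IsDebuggerPresent.
SAMPLE_LINES = [
    "Source: C:\\Users\\user\\Desktop\\4mDVpaKpPG.exe | Code function: 0_2_00007FF6EC2C30F0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6EC2C30F0",
    "Source: C:\\Users\\user\\Desktop\\4mDVpaKpPG.exe | Code function: 0_2_00007FF6EC2C2490 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6EC2C2490",
    "Source: C:\\Users\\user\\Desktop\\4mDVpaKpPG.exe | Code function: 0_2_00007FF6EC2BB110 GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,WaitForInputIdle,Sleep,UnmapViewOfFile,CloseHandle,0_2_00007FF6EC2BB110",
    "Source: C:\\Users\\user\\Desktop\\4mDVpaKpPG.exe | Code function: 0_2_00007FF6EC2C06D4 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,0_2_00007FF6EC2C06D4",
    "Source: C:\\Users\\user\\Desktop\\4mDVpaKpPG.exe | Code function: 0_2_00007FF6EC2ADBEC cpuid 0_2_00007FF6EC2ADBEC",
    "Source: 4mDVpaKpPG.exe, 00000000.00000002.2923792190.0000017A6701C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\??\\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\",
    "Source: C:\\Users\\user\\Desktop\\4mDVpaKpPG.exe | Code function: 0_2_0000000000401000 IsDebuggerPresent,ExitProcess,0_2_0000000000401000",
]

if __name__ == "__main__":
    for ev in triage(SAMPLE_LINES):
        print(f"{ev.address or 'mem-string':22} {', '.join(ev.tags) or '-'}")
```

Run it directly to print one line per evidence entry. On a full report, feed every "Code function" and "Binary or memory string" line through triage and compare the tags against the signature that cited each line; a signature whose only evidence carries msvc_crt_fastfail or msvc_crt_gs_failure is describing the compiler runtime, not the sample.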
MITRE ATT&CK matrix, listed per tactic. Numeric prefixes are reproduced as shown in the report's matrix.

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Exploitation for Privilege Escalation; 11 Process Injection; 1 DLL Side-Loading; Login Hook
Defense Evasion: 1 Masquerading; 11 Process Injection; 1 Software Packing; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Time Discovery; 21 Security Software Discovery; 2 File and Directory Discovery; 25 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 11 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
