HTTP traffic detected: GET /Revo-Uninstaller-Pro-4-banner.jpg HTTP/1.1 Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 Accept-Language: en-US User-Agent: Mozilla/5.
HTTP traffic detected: GET /proinstall_thankyou.html HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: ection: Keep-Alive
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Code function: 33_2_004094AD FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,
Code function: 33_2_0040DEC6 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,
Code function: 33_1_004094AD FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,
Code function: 33_1_0040DEC6 FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,FindClose,_swprintf,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,_swprintf,
Source: C:\Windows\schemas\EAPEl\crack.
Source: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\
File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\af\
File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\
File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Aria\
File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\
File opened: C:\Program Files (x86)\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\
Contains functionality to enumerate / list files inside a directory
Standard Non-Application Layer Protocol 3
Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: setup.exe, setup.tmp, ruplp.exe
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size exceeded maximum capacity and may have missing behavior information.
Execution Graph export aborted for target RevoUninPro.exe, PID 2060 because there are no executed function.
Execution Graph export aborted for target Revo Uninstaller Pro v.4.0.0 Multi NL by ElChaca.exe, PID 4084 because there are no executed function.
Exclude process from analysis (whitelisted): taskhostw.exe, sc.exe, dllhost.exe, TiWorker.exe, wermgr.exe, SIHClient.exe, MusNotifyIcon.exe, conhost.exe, CompatTelRunner.exe, svchost.exe.
Stop behavior analysis, all processes terminated.
Found application associated with file extension.
Successful, ratio: 99.8% (good quality ratio 90.7%).
Number of analysed new started processes analysed: Revo Uninstaller Pro v.4.0.0 Multi NL by ElChaca.exe