
"Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer"
"Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs"

"\Sessions\1\BaseNamedObjects\Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs"
"\Sessions\1\BaseNamedObjects\Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit"
"\Sessions\1\BaseNamedObjects\Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer"
"\Sessions\1\BaseNamedObjects\Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer"
"\Sessions\1\BaseNamedObjects\Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer"
"\Sessions\1\BaseNamedObjects\Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer"
"\Sessions\1\BaseNamedObjects\Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer"
"\Sessions\1\BaseNamedObjects\Global\C::Users:1rsKljP:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex"

Possibly tries to detect the presence of a debugger
Source: Hybrid Analysis Technology
Relevance: 10/10

See related instructions: ".+43 call 00418E80h+48 add esp, 0Ch+51 lea ecx, dword ptr +57 push ecx+58 call dword ptr GetVersionExW+64 mov dword ptr, eax+70 cmp dword ptr, 00000000h+77 je 0040FCA4h". Which is directly followed by "cmp dword ptr, 00000000h" and "je 0040FCA4h".

See related instructions: ".+33 call 00418E80h+38 add esp, 0Ch+41 mov dword ptr, 00000114h+51 lea ecx, dword ptr +57 push ecx+58 call dword ptr GetVersionExW+64 cmp dword ptr, 06h+71 jc 00402120h". Which is directly followed by "cmp dword ptr, 06h" and "jc 00402120h".

"" read file "C:\Users\%USERNAME%\Pictures\desktop.ini"

Contains ability to create a remote thread (often used for process injection)
Found API call (Target: "" Stream UID: "19585-5178-004020D0")

"" read file "C:\Users\%USERNAME%\Documents\desktop.ini"
"" read file "C:\Users\%USERNAME%\Videos\desktop.ini"
"" read file "C:\Users\%USERNAME%\desktop.ini"
"" read file "C:\Users\%USERNAME%\Music\desktop.ini"
"" read file "C:\Users\%USERNAME%\Downloads\desktop.ini"
"" read file "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini"
"" read file "C:\Users\%USERNAME%\Links\desktop.ini"
"" read file "C:\Users\%USERNAME%\Favorites\desktop.ini"

"" read file "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini"
"" read file "%PROGRAMFILES%\desktop.ini"
"" read file "C:\Users\%USERNAME%\Desktop\desktop.ini"
