Hacktool.ConnectWise.B

By CagedTech in Hacktool

Analysis Report

General information

Family Name: Hacktool.ConnectWise.B
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Digital Signatures

Signer: Connectwise, LLC
Root: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Status: Self Signed

File Traits

  • HighEntropy
  • No Version Info
  • x86

Block Information

Total Blocks: 2,117
Potentially Malicious Blocks: 1
Whitelisted Blocks: 2,116
Unknown Blocks: 0

Visual Map

[Block visual map omitted; the first block is marked x]

Legend:
  • 0 - Probable Safe Block
  • ? - Unknown Block
  • x - Potentially Malicious Block

Similar Families

  • Agent.M
  • Agent.MAC
  • BadJoke.JA
  • BadJoke.JB
  • BadJoke.XA
  • BadJoke.XAB
  • BadJoke.XAE
  • ConnectWise.B
  • Filecoder.GYT
  • Filecoder.VBC
  • KillMBR.P
  • KillMBR.XB
  • KillMBR.Y
  • LooCipher.A
  • RegistryDisabler.B
  • Stealer.FPE
  • Trojan.Downloader.Gen.NL
  • Trojan.Filecoder.Gen.AG
  • Trojan.Filecoder.Gen.C
  • Virtuvian.A

Windows API Usage

Cert Store Read
  • CertOpenSystemStore
Cert Store Write
  • CertAddCertificateContextToStore
Process Shell Execute
  • CreateProcess
Process Manipulation Evasion
  • NtUnmapViewOfSection
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Encryption Used
  • BCryptOpenAlgorithmProvider

Shell Command Execution

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe (NULL)