Tntware 3.2 r free download

KMPlayer 影音多媒體播放器.exe

This report is generated from a file or URL submitted to this webservice on May 1st 2017 05:49:38 (UTC)
Guest System: Windows 7 32 bit, Home Premium, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v6.40 © Hybrid Analysis

Incident Response

Remote Access
Contains a remote desktop related string
Reads terminal service related keys (often RDP related)
Spyware
Accesses potentially sensitive information from local browsers
Contains ability to open the clipboard
Contains ability to retrieve keyboard strokes
Persistence
Spawns a lot of processes
Fingerprint
Reads the active computer name
Reads the cryptographic machine GUID
Evasive
Possibly checks for the presence of an Antivirus engine
Spreading
Opens the MountPointManager (often used to detect additional infection locations)
Network Behavior
Contacts 9 domains and 6 hosts.

Indicators

Not all malicious and suspicious indicators are displayed.

  • Malicious Indicators 14

  • External Systems
  • General
    • The analysis extracted a file that was identified as malicious
      details
      6/84 Antivirus vendors marked dropped file "ApnIC.dll" as malicious (classified as "WebToolbar.Asparnet" with 7% detection rate)
      1/83 Antivirus vendors marked dropped file "pansetup_02.exe" as malicious (classified as "AGeneric" with 1% detection rate)
      32/84 Antivirus vendors marked dropped file "OCSetupHlp.dll" as malicious (classified as "OpenCandy" with 38% detection rate)
      2/81 Antivirus vendors marked dropped file "ApnStub.exe" as malicious (classified as "Bundled.Toolbar.Ask" with 2% detection rate)
      source
      Extracted File
      relevance
      10/10
    • The analysis spawned a process that was identified as malicious
      details
      19/87 Antivirus vendors marked spawned process "<Input Sample>" (PID: 2900) as malicious (classified as "AdWare.OpenCandy" with 21% detection rate)
      2/58 Antivirus vendors marked spawned process "KMPlayer.exe" (PID: 3100) as malicious (classified as "PAK_Generic.005" with 3% detection rate)
      1/83 Antivirus vendors marked spawned process "pansetup_02.exe" (PID: 3440) as malicious (classified as "AGeneric" with 1% detection rate)
      2/56 Antivirus vendors marked spawned process "UnistAX.exe" (PID: 3508) as malicious (classified as "Worm.Runouce" with 3% detection rate)
      2/81 Antivirus vendors marked spawned process "ApnStub.exe" (PID: 3944) as malicious (classified as "Bundled.Toolbar.Ask" with 2% detection rate)
      source
      Monitored Target
      relevance
      10/10
  • Network Related
    • Found more than one unique User-Agent
      details
      Found the following User-Agents: http_parser
      Mozilla/3.0 (compatible; Indy Library)
      ic Windows NT 6.1 MSIE 8.0 Firefox/35.0.1 Def132 SLCC2 .NET CLR 2.0.50727 .NET CLR 3.5.30729 .NET CLR 3.0.30729 Media Center PC 6.0 .NET4.0C .NET4.0E
      InstallChecker
      source
      Network Traffic
      relevance
      5/10
    • Malicious artifacts seen in the context of a contacted host
      details
      Found malicious artifacts related to "110.45.195.208" (ASN: 3786, Owner: LG DACOM Corporation): ...
      Found malicious artifacts related to "217.12.15.37" (ASN: 34010, Owner: Yahoo! Europe): ...
      URL: http://yahoo-user.com/ (AV positives: 1/64 scanned on 03/28/2017 21:05:44)
      URL: http://yahoo.net/ (AV positives: 1/69 scanned on 01/02/2017 09:24:06)
      source
      Network Traffic
      relevance
      10/10
    • Multiple malicious artifacts seen in the context of different hosts
      details
      Found malicious artifacts related to "110.45.195.208" (ASN: 3786, Owner: LG DACOM Corporation): ...
      Found malicious artifacts related to "217.12.15.37" (ASN: 34010, Owner: Yahoo! Europe): ...
      URL: http://yahoo-user.com/ (AV positives: 1/64 scanned on 03/28/2017 21:05:44)
      URL: http://yahoo.net/ (AV positives: 1/69 scanned on 01/02/2017 09:24:06)
      source
      Network Traffic
      relevance
      10/10
  • Pattern Matching
    • YARA signature match
      details
      YARA signature "UPX" classified file "is-TO6G2.tmp" as "upx" based on indicators: "UPX0,UPX1,UPX!" (Author: Kevin Breen <kevin@techanarchy.net>)
      YARA signature "UPX" classified file "is-D42E4.tmp" as "upx" based on indicators: "UPX0,UPX1,UPX!" (Author: Kevin Breen <kevin@techanarchy.net>)
      YARA signature "UPX" classified file "OptimFROG.dll" as "upx" based on indicators: "UPX0,UPX1,UPX!" (Author: Kevin Breen <kevin@techanarchy.net>)
      source
      YARA Signature
      relevance
      10/10
  • Unusual Characteristics
    • Contains ability to reboot/shutdown the operating system
      details
      ExitWindowsEx@USER32.DLL from PID 00002900
      ExitWindowsEx@USER32.DLL from PID 00003328
      source
      Hybrid Analysis Technology
      relevance
      5/10
    • Spawns a lot of processes
      details
      Spawned process "<Input Sample>"
      Spawned process "KMPlayer.exe" with commandline "-install"
      Spawned process "pansetup_02.exe" with commandline "/VerySilent /appname=kmp"
      Spawned process "pansetup_02.tmp" with commandline "/SL5="$701D6,3507393,54272,%TEMP%\nsu474E.tmp\pansetup_02.exe" /VerySilent /appname=kmp"
      Spawned process "UnistAX.exe"
      Spawned process "PandoraService.exe" with commandline "-silent -install"
      Spawned process "net.exe" with commandline "start PandoraService"
      Spawned process "net1.exe" with commandline "%WINDIR%\system32\net1 start PandoraService"
      Spawned process "PanElevateExecutor.exe" with commandline "ELEVATE_EXECUTOR"
      Spawned process "ns2CD8.tmp" with commandline ""%TEMP%\nsu474E.tmp\ApnStub.exe" /tb=PTV"
      Spawned process "ApnStub.exe" with commandline "/tb=PTV"
      Spawned process "nsAC60.tmp" with commandline ""%TEMP%\nsu474E.tmp\askDialog.exe""
      Spawned process "askDialog.exe"
      source
      Monitored Target
      relevance
      8/10
  • Hiding 3 Malicious Indicators
    • All indicators are available only in the private webservice or standalone version
  • Suspicious Indicators 39

  • Anti-Reverse Engineering
    • Looks up many procedures within the same disassembly stream (often used to hide usage)
      details
      Found 47 calls to GetProcAddress@KERNEL32.DLL from PID 00003328
      Found 10 calls to GetProcAddress@KERNEL32.DLL from PID 00003328
      Found 47 calls to GetProcAddress@KERNEL32.DLL from PID 00003508
      Found 12 calls to GetProcAddress@KERNEL32.DLL from PID 00003508
      Found 11 calls to GetProcAddress@KERNEL32.DLL from PID 00003508
      Found 47 calls to GetProcAddress@KERNEL32.DLL from PID 00002064
      Found 12 calls to GetProcAddress@KERNEL32.DLL from PID 00002064
      Found 11 calls to GetProcAddress@KERNEL32.DLL from PID 00002064
      source
      Hybrid Analysis Technology
      relevance
      10/10
  • Environment Awareness
    • Reads the active computer name
      details
      "<Input Sample>" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
      "KMPlayer.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
      "pansetup_02.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
      "PandoraService.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
      "net1.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
      "ApnStub.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
      source
      Registry Access
      relevance
      5/10
    • Reads the cryptographic machine GUID
      details
      "ApnStub.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
      source
      Registry Access
      relevance
      10/10
  • General
    • Contains ability to find and load resources of a specific module
      details
      FindResourceA@KERNEL32.DLL from PID 00003440
      FindResourceA@KERNEL32.DLL from PID 00003328
      FindResourceA@KERNEL32.DLL from PID 00003328
      FreeResource@KERNEL32.DLL from PID 00003328
      FindResourceA@KERNEL32.DLL from PID 00003508
      FindResourceA@KERNEL32.DLL from PID 00003508
      FreeResource@KERNEL32.DLL from PID 00003508
      FindResourceW@KERNEL32.DLL from PID 00003304
      FindResourceW@KERNEL32.DLL from PID 00003304
      FindResourceW@KERNEL32.DLL from PID 00003304
      FindResourceW@KERNEL32.DLL from PID 00003304
      FreeResource@KERNEL32.DLL from PID 00003304
      FindResourceW@KERNEL32.DLL from PID 00001300
      FindResourceW@KERNEL32.DLL from PID 00001300
      FindResourceW@KERNEL32.DLL from PID 00001300
      FreeResource@KERNEL32.DLL from PID 00001300
      FindResourceA@KERNEL32.DLL from PID 00002064
      FindResourceA@KERNEL32.DLL from PID 00002064
      FreeResource@KERNEL32.DLL from PID 00002064
      FindResourceA@kernel32.dll at 11388-1866-00406960
      source
      Hybrid Analysis Technology
      relevance
      1/10
    • Reads configuration files
      details
      "pansetup_02.tmp" read file "%PROGRAMFILES%\desktop.ini"
      "pansetup_02.tmp" read file "%APPDATA%\Mozilla\Firefox\profiles.ini"
      source
      API Call
      relevance
      4/10
  • Installation/Persistence
    • Drops executable files
      details
      "FLVSplitter.ax" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
      "ApnIC.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
      "is-D42E4.tmp" has type "PE32 executable (GUI) Intel 80386 for MS Windows UPX compressed"
      "is-TO6G2.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows UPX compressed"
      "pansetup_02.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
      "xviddll.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows"
      "is-VPFJI.tmp" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
      "askDialog.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
      "OCSetupHlp.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows"
      "ApnStub.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows"
      source
      Extracted File
      relevance
      10/10
  • Network Related
    • Found potential IP address in binary/memory
      details
      "9.9.9.9"
      "5.17.9.0"
      Heuristic match: "/kmp?env=(3.2.0.19)&mode=install&install=1&update=0"
      Heuristic match: "/installed?client=ic&tb=PTV&dtid=&id=9cd4fe47-6ee0-4e72-9fdf-2b3227ba637f&ipid=&iev=8.0.7601.17514&iedis=0&ielu=-2&fflu=-2&iv=&nv=&clientv=9.9.9.9&said=6fbb9602-c370-4aa6-a7fa-32f8bb4abddd&browser-lang=en&apn_dbr=ie_8.0.7601.17514&cr=0"
      "255.255.255.255"
      "127.0.0.1"
      "7.0.0.1"
      "2.5.4.10"
      Heuristic match: "KMPWizardVer=1.0.0.16 beta (2008/06/20)"
      Heuristic match: "LangVer=1.0.0.16 beta (2008/06/20)"
      "5.1.1.0"
      Heuristic match: "KMPWizardVer=1.1.0.18 beta (2009/01/09)"
      Heuristic match: "LangVer=1.0.0.8 beta (2008/07/15)"
      source
      String
      relevance
      3/10
    • Uses a User Agent typical for browsers, although no browser was ever launched
      details
      Found user agent(s): Mozilla/3.0 (compatible; Indy Library)
      source
      Network Traffic
      relevance
      10/10
  • Remote Access Related
    • Contains a remote desktop related string
      details
      "bN<d/vnc" (Indicator for product: Generic VNC)
      "istit historii nedvnch souboro" (Indicator for product: Generic VNC)
      "N321.Caption=Podrobnosti progresivnch &filtro..." (Indicator for product: Generic VNC)
      "TntRadioButton1.Caption=Ovldn barevnch tmat tnovnm/sytost YUV" (Indicator for product: Generic VNC)
      "TntRadioButton2.Caption=Ovldn barevnch tmat pravou hodnot RGB" (Indicator for product: Generic VNC)
      "TntCheckBox3.Caption=PYevzt atributy z prvnch titulko" (Indicator for product: Generic VNC)
      "TntCheckBox1.Caption=PYevzt atributy z prvnch titulko" (Indicator for product: Generic VNC)
      "TntCheckBox3.Caption=Povolit cache pro soubory na pevnch discch" (Indicator for product: Generic VNC)
      "TntCheckBox47.Caption=Zachovat Ydky dle tYdy prvnch titulko" (Indicator for product: Generic VNC)
      "StatwarsControl1.Item33=Autor a spolupracovnci nenesou v ~dnm" (Indicator for product: Generic VNC)
      "StatwarsControl1.Item62=Podrobnosti o knihovnch najdete" (Indicator for product: Generic VNC)
      source
      String
      relevance
      10/10
    • Contains indicators of bot communication commands
      details
      "CloseCmd=sQeN %CloseMenu%" (Indicator: "cmd=")
      "ControlBoxViewCmd=c6Rbg_/sQ %ControlBoxMenu%" (Indicator: "cmd=")
      "ViewFileINFOCmd=ZSOOo`... %FileInfoMenu%" (Indicator: "cmd=")
      "ConfigureViewCmd=Spen... %ConfigMenu%" (Indicator: "cmd=")
      "ExitCmd=Q %N23%" (Indicator: "cmd=")
      "OpenFileCmd=Sb_eN... %N233%" (Indicator: "cmd=")
      "OpenURLCmd=Sb_ URL... %URLOpenMenu%" (Indicator: "cmd=")
      "OpenFolderCmd=Sb_eN9Y... %FolderOpenMenu%" (Indicator: "cmd=")
      "OpenTVOutCmd=Sb_eN[*hV... %TVOutOpenMenu%" (Indicator: "cmd=")
      "OpenIEMediaCmd=Sb_eg IE v URL%IEOpenMenu%" (Indicator: "cmd=")
      "OpenRecentCmd=Sb_gveN %RecentOpenMenu%" (Indicator: "cmd=")
      "OpenReTryCmd=eSb_S_MRveN %ReOpenMenu%" (Indicator: "cmd=")
      "OpenWDMCmd=n WDM/BDA Y... %WDMOpenMenu%" (Indicator: "cmd=")
      "OpenBaseWDMCmd=Sb_gvY %WDMBaseOpenMenu%" (Indicator: "cmd=")
      "OpenDVDDeviceCmd=Sb_ DVD Y %DVDDeviceMenu%" (Indicator: "cmd=")
      "OpenDVDFileCmd=Sb_ DVD eN... %DVDFileMenu%" (Indicator: "cmd=")
      "OpenVCDCmd=Sb_ CD %VCDOpenMenu%" (Indicator: "cmd=")
      "WDMOpenAnalogCmd=Sb_ WDM (ATV) %WDMAnalogOpenMenu%" (Indicator: "cmd=")
      "WDMOpenDigitalCmd=Sb_ BDA (DTV) %WDMHDTVOpenMenu%" (Indicator: "cmd=")
      "AlbumPrevOpenCmd=" (Indicator: "cmd=")
      source
      String
      relevance
      10/10
    • Reads terminal service related keys (often RDP related)
      details
      "KMPlayer.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
      "UnistAX.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
      "PandoraService.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
      "PanElevateExecutor.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
      "ns2CD8.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
      "nsAC60.tmp" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
      "askDialog.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\TERMINAL SERVER"; Key: "TSUSERENABLED")
      source
      Registry Access
      relevance
      10/10
  • Spyware/Information Retrieval
    • Accesses potentially sensitive information from local browsers
      details
      "KMPlayer.exe" had access to "%APPDATA%\Microsoft\Windows\Cookies\index.dat" (Type: "FileHandle")
      "KMPlayer.exe" had access to "%APPDATA%\Microsoft\Windows\IETldCache\index.dat" (Type: "FileHandle")
      "ApnStub.exe" had access to "%APPDATA%\Microsoft\Windows\Cookies\index.dat" (Type: "FileHandle")
      "ApnStub.exe" had access to "%LOCALAPPDATA%\Microsoft\Windows\History\History.IE5\index.dat" (Type: "FileHandle")
      source
      Touched Handle
      relevance
      7/10
    • Contains ability to open the clipboard
      details
      OpenClipboard@USER32.DLL from PID 00002900
      OpenClipboard@USER32.DLL from PID 00002900
      OpenClipboard@USER32.DLL from PID 00003304
      OpenClipboard@USER32.dll at 15759-2160-10003F72
      source
      Hybrid Analysis Technology
      relevance
      10/10
    • Contains ability to retrieve keyboard strokes
      details
      GetKeyboardState@USER32.DLL from PID 00003508
      GetKeyboardState@USER32.DLL from PID 00003508
      GetKeyboardState@USER32.DLL from PID 00003304
      GetKeyboardState@USER32.DLL from PID 00003304
      GetKeyboardState@USER32.DLL from PID 00001300
      GetKeyboardState@USER32.DLL from PID 00001300
      GetKeyboardState@USER32.DLL from PID 00002064
      GetKeyboardState@USER32.DLL from PID 00002064
      GetKeyboardState@user32.dll at 11388-2529-00406EC8
      source
      Hybrid Analysis Technology
      relevance
      8/10
  • System Destruction
    • Marks file for deletion
      details
      "C:\KMPlayer _.exe" marked "%TEMP%\nsy4666.tmp" for deletion
      "C:\KMPlayer _.exe" marked "%TEMP%\nsu474E.tmp" for deletion
      "C:\KMPlayer _.exe" marked "%TEMP%\nsu474E.tmp\splash.bmp" for deletion
      "C:\KMPlayer _.exe" marked "%TEMP%\nsu474E.tmp\ns2CD8.tmp" for deletion
      "%PROGRAMFILES%\The KMPlayer\KMPlayer.exe" marked "%PROGRAMFILES%\The KMPlayer\Privilege.dat" for deletion
      "%TEMP%\nsu474E.tmp\pansetup_02.exe" marked "%TEMP%\is-8SNDF.tmp\pansetup_02.tmp" for deletion
      "%TEMP%\nsu474E.tmp\pansetup_02.exe" marked "%TEMP%\is-8SNDF.tmp" for deletion
      "%TEMP%\is-8SNDF.tmp\pansetup_02.tmp" marked "%TEMP%\is-1V8BU.tmp\_isetup\_RegDLL.tmp" for deletion
      "%TEMP%\is-8SNDF.tmp\pansetup_02.tmp" marked "%TEMP%\is-1V8BU.tmp\_isetup\_shfoldr.dll" for deletion
      "%TEMP%\is-8SNDF.tmp\pansetup_02.tmp" marked "%TEMP%\is-1V8BU.tmp\_isetup" for deletion
      "%TEMP%\is-8SNDF.tmp\pansetup_02.tmp" marked "%TEMP%\is-1V8BU.tmp" for deletion
      "%TEMP%\nsu474E.tmp\ApnStub.exe" marked "%TEMP%\Cab88D7.tmp" for deletion
      "%TEMP%\nsu474E.tmp\ApnStub.exe" marked "%TEMP%\Tar88D8.tmp" for deletion
      source
      API Call
      relevance
      10/10
    • Opens file with deletion access rights
      details
      "<Input Sample>" opened "%TEMP%\nsy4666.tmp" with delete access
      "<Input Sample>" opened "%TEMP%\nsu474E.tmp" with delete access
      "<Input Sample>" opened "%TEMP%\nsu474E.tmp\splash.bmp" with delete access
      "<Input Sample>" opened "%TEMP%\nsu474E.tmp\ns2CD8.tmp" with delete access
      "KMPlayer.exe" opened "%PROGRAMFILES%\The KMPlayer\Privilege.dat" with delete access
      "pansetup_02.exe" opened "%TEMP%\is-8SNDF.tmp\pansetup_02.tmp" with delete access
      "pansetup_02.exe" opened "%TEMP%\is-8SNDF.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-NOPQB.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-O1D5J.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-D42E4.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-1VRA3.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-NC8C3.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-EG55C.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-TO6G2.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-LRC2M.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-PNAI4.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-UPNQG.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-KQACK.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-EK0GG.tmp" with delete access
      "pansetup_02.tmp" opened "C:\Program Files\PANDORA.TV\PanService\is-0NLI5.tmp" with delete access
      source
      API Call
      relevance
      7/10
  • System Security
    • Contains ability to elevate privileges
      details
      SetSecurityDescriptorDacl@ADVAPI32.DLL from PID 00003304
      SetSecurityDescriptorDacl@ADVAPI32.DLL from PID 00001300
      SetSecurityDescriptorDacl@ADVAPI32.DLL from PID 00000312
      SetSecurityDescriptorDacl@ADVAPI32.DLL from PID 00003840
      source
      Hybrid Analysis Technology
      relevance
      10/10