"MTC batch.bat" has type "ASCII text with CRLF line terminators"
"Fonts.dll" claimed CRC 5849599 while the actual is CRC 3581055Īntivirus vendors marked dropped file "batik-gui-util.jar" as clean (type is "Zip archive data at least v1.0 to extract")Īntivirus vendors marked dropped file "batik-script.jar" as clean (type is "Zip archive data at least v1.0 to extract")Īntivirus vendors marked dropped file "batik-util.jar" as clean (type is "Zip archive data at least v1.0 to extract")Īntivirus vendors marked dropped file "batik-svg-dom.jar" as clean (type is "Zip archive data at least v1.0 to extract")Īntivirus vendors marked dropped file "batik-gvt.jar" as clean (type is "Zip archive data at least v1.0 to extract")Īntivirus vendors marked dropped file "batik-dom.jar" as clean (type is "Zip archive data at least v1.0 to extract")Īntivirus vendors marked dropped file "batik-ext.jar" as clean (type is "Zip archive data at least v1.0 to extract")Īntivirus vendors marked dropped file "batik.jar" as clean (type is "Zip archive data at least v1.0 to extract")Īntivirus vendors marked dropped file "Fighter.exe" as clean (type is "PE32 executable (console) Intel 80386 (stripped to external PDB) for MS Windows"), Antivirus vendors marked dropped file "batik-xml.jar" as clean (type is "Zip archive data at least v1.0 to extract"), Antivirus vendors marked dropped file "batik-parser.jar" as clean (type is "Zip archive data at least v1.0 to extract"), Antivirus vendors marked dropped file "xerces_2_5_0.jar" as clean (type is "Zip archive data at least v1.0 to extract") "Fonts.dll" claimed CRC 3581055 while the actual is CRC 177270 "World_FighterSimu_FighterSimulator.exe" claimed CRC 177270 while the actual is CRC 149014 "Fighter.exe" claimed CRC 149014 while the actual is CRC 4635916 "SDY1_CruiseControl.dll" claimed CRC 4635916 while the actual is CRC 4446287 "SDY1_FighterDisplay.dll" claimed CRC 4446287 while the actual is CRC 5188986 "SDY2_FighterSimu.dll" claimed CRC 6895291 while the actual is CRC 3581165 "Fonts.dll" claimed CRC 3581165 while the actual is CRC 1504471 "SDY2_FighterSimu.dll" claimed CRC 1504471 while the actual is CRC 4360977 "SDY1_DigitalStopwatch.dll" claimed CRC 4360977 while the actual is CRC 95382 "FlightControlSimulation_World.exe" claimed CRC 95382 while the actual is CRC 608205 "SDY1_FighterDisplay.dll" claimed CRC 608205 while the actual is CRC 3592017 "font_table.dll" claimed CRC 3592017 while the actual is CRC 5245664 "Fonts.dll" claimed CRC 5849380 while the actual is CRC 5126660 "SDY2_ControlPanel.dll" claimed CRC 6927251 while the actual is CRC 5271767 "Fonts.dll" claimed CRC 7728397 while the actual is CRC 5278461 "SDY2_ControlPanel.dll" claimed CRC 6987325 while the actual is CRC 3581089 "Fonts.dll" claimed CRC 3581089 while the actual is CRC 21524642 "World_FighterSimu_FighterSimulator.exe" has type "PE32+ executable (console) x86-64 for MS Windows" "Fighter.exe" has type "PE32 executable (console) Intel 80386 (stripped to external PDB) for MS Windows" "SDY1_CruiseControl.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows" "SDY1_FighterDisplay.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows" "SDY2_FighterSimu.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows" "SDY2_FighterSimu.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "SDY1_DigitalStopwatch.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows" "FlightControlSimulation_World.exe" has type "PE32+ executable (console) x86-64 for MS Windows" "SDY1_FighterDisplay.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "font_table.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" "SDY2_ControlPanel.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows"
"Fonts.dll" has type "PE32+ executable (DLL) (GUI) x86-64 for MS Windows"
Reads terminal service related keys (often RDP related)Īdversaries may target user email to collect sensitive information from a target.įound a potential E-Mail address in binary/memory Remote desktop is a common feature in operating systems.
Software packing is a method of compressing or encrypting an executable.
Process injection is a method of executing arbitrary code in the address space of a separate live process. Installs hooks/patches the running process
Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources.