Source: unknown | TCP traffic detected without corresponding DNS query: 164.92.232.192 |
Source: snd.exe, 00000000.00000002.519526709.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: snd.exe | String found in binary or memory: https://164.92.232.192/data/ |
Source: snd.exe | String found in binary or memory: https://164.92.232.192/data/3Can |
Source: snd.exe, 00000000.00000002.519526709.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://164.92.232.192/data/WORKGROUP.813848/ |
Source: snd.exe, 00000000.00000002.519526709.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://164.92.232.192/data/x |
Source: snd.exe, 00000000.00000002.519526709.00000000031C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://164.92.232.192x |
Source: snd.exe, 00000000.00000002.519656216.000000000327C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://164.92H |
Source: snd.exe | String found in binary or memory: https://duckduckgo.com |
Source: snd.exe | String found in binary or memory: https://duckduckgo.comqThere |
Source: snd.exe | String found in binary or memory: https://tools.ietf.org/html/rfc4253#sec |
Source: snd.exe | String found in binary or memory: https://tools.ietf.org/html/rfc4253#section-4. |
Source: snd.exe | String found in binary or memory: https://tools.ietf.org/html/rfc4253#section-4.2 |
Source: snd.exe, type: SAMPLE | Matched rule: Detects BlackMatter data exfiltration tool Author: ditekSHen |
Source: 0.2.snd.exe.d30000.0.unpack, type: UNPACKEDPE | Matched rule: Detects BlackMatter data exfiltration tool Author: ditekSHen |
Source: 0.0.snd.exe.d30000.0.unpack, type: UNPACKEDPE | Matched rule: Detects BlackMatter data exfiltration tool Author: ditekSHen |
Source: snd.exe, type: SAMPLE | Matched rule: MALWARE_Win_ExMatter hash2 = a5e050f1278473d41c3a3d6f98f3fd82932f51a937bc57d8f5605815f0efb0f8, hash1 = 4a0e10e1e9fea0906379f99fa350b91c2af37f0fd2cc55491643cc71a9887d30, author = ditekSHen, description = Detects BlackMatter data exfiltration tool |
Source: 0.2.snd.exe.d30000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_ExMatter hash2 = a5e050f1278473d41c3a3d6f98f3fd82932f51a937bc57d8f5605815f0efb0f8, hash1 = 4a0e10e1e9fea0906379f99fa350b91c2af37f0fd2cc55491643cc71a9887d30, author = ditekSHen, description = Detects BlackMatter data exfiltration tool |
Source: 0.0.snd.exe.d30000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_ExMatter hash2 = a5e050f1278473d41c3a3d6f98f3fd82932f51a937bc57d8f5605815f0efb0f8, hash1 = 4a0e10e1e9fea0906379f99fa350b91c2af37f0fd2cc55491643cc71a9887d30, author = ditekSHen, description = Detects BlackMatter data exfiltration tool |
Source: snd.exe, 00000000.00000002.518779511.00000000012BC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs snd.exe |
Source: snd.exe, 00000000.00000000.250137464.0000000000E7E000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamesender2.exe0 vs snd.exe |
Source: snd.exe | Binary or memory string: OriginalFilenamesender2.exe0 vs snd.exe |
Source: snd.exe, 00000000.00000002.520557629.0000000003631000.00000004.00000800.00020000.00000000.sdmp, snd.exe, 00000000.00000002.520547699.0000000003621000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C\\?\C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln |
Source: snd.exe, 00000000.00000002.520557629.0000000003631000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ?C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln0y |
Source: snd.exe, 00000000.00000002.520557629.0000000003631000.00000004.00000800.00020000.00000000.sdmp, snd.exe, 00000000.00000002.520584273.0000000003669000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AutoItX.sln |
Source: snd.exe, 00000000.00000002.520584273.0000000003669000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C\\?\C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln( |
Source: snd.exe, 00000000.00000002.520547699.0000000003621000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: \\?\C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln |
Source: snd.exe, 00000000.00000002.520584273.0000000003669000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ?C:\Program Files (x86)\autoit3\AutoItX\Examples\C++\AutoItX.sln |
Source: snd.exe, Renci.SshNet/Security/KeyExchangeHashData.cs | Suspicious method names: System.Void Renci.SshNet.Security.KeyExchangeHashData::set_ClientPayload(System.Byte[]) |
Source: snd.exe, Renci.SshNet/Security/KeyExchangeHashData.cs | Suspicious method names: System.Void Renci.SshNet.Security.KeyExchangeHashData::set_ServerPayload(System.Byte[]) |
Source: snd.exe, Renci.SshNet/Security/KeyExchangeHashData.cs | Suspicious method names: System.Byte[] Renci.SshNet.Security.KeyExchangeHashData::get_ServerPayload() |
Source: snd.exe, Renci.SshNet/Security/KeyExchangeHashData.cs | Suspicious method names: System.Byte[] Renci.SshNet.Security.KeyExchangeHashData::get_ClientPayload() |
Source: snd.exe, Renci.SshNet/Security/GroupExchangeHashData.cs | Suspicious method names: System.Byte[] Renci.SshNet.Security.GroupExchangeHashData::get_ServerPayload() |
Source: snd.exe, Renci.SshNet/Security/GroupExchangeHashData.cs | Suspicious method names: System.Void Renci.SshNet.Security.GroupExchangeHashData::set_ServerPayload(System.Byte[]) |
Source: snd.exe, Renci.SshNet/Security/GroupExchangeHashData.cs | Suspicious method names: System.Byte[] Renci.SshNet.Security.GroupExchangeHashData::get_ClientPayload() |
Source: snd.exe, Renci.SshNet/Security/GroupExchangeHashData.cs | Suspicious method names: System.Void Renci.SshNet.Security.GroupExchangeHashData::set_ClientPayload(System.Byte[]) |
Source: snd.exe, Alphaleonis/Win32/Security/ProcessContext.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent() |
Source: snd.exe, Alphaleonis/Win32/Security/ProcessContext.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Int32) |
Source: snd.exe, Alphaleonis/Win32/Security/ProcessContext.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole) |
Source: snd.exe, Alphaleonis/Win32/Security/ProcessContext.cs | Security API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.SecurityIdentifier) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Void System.IO.Directory::SetAccessControl(System.String,System.Security.AccessControl.DirectorySecurity) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Security.AccessControl.DirectorySecurity System.IO.Directory::GetAccessControl(System.String) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Security.AccessControl.AuthorizationRuleCollection System.Security.AccessControl.CommonObjectSecurity::GetAccessRules(System.Boolean,System.Boolean,System.Type) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Void System.IO.File::SetAccessControl(System.String,System.Security.AccessControl.FileSecurity) |
Source: snd.exe, TakeOwnership/OwnershipTaker.cs | Security API names: System.Security.AccessControl.FileSecurity System.IO.File::GetAccessControl(System.String) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/Directory.cs | Security API names: System.Security.AccessControl.DirectorySecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlCore<System.Security.AccessControl.DirectorySecurity>(System.Boolean,System.String,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/Directory.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/Directory.cs | Security API names: System.Security.AccessControl.DirectorySecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlHandleCore<System.Security.AccessControl.DirectorySecurity>(System.Boolean,System.Boolean,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Security.SECURITY_INFORMATION) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/File.cs | Security API names: System.Security.AccessControl.FileSecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlCore<System.Security.AccessControl.FileSecurity>(System.Boolean,System.String,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/File.cs | Security API names: System.Security.AccessControl.FileSecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlHandleCore<System.Security.AccessControl.FileSecurity>(System.Boolean,System.Boolean,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Security.SECURITY_INFORMATION) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/File.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Security/InternalPrivilegeEnabler.cs | Security API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Security.Principal.TokenAccessLevels) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/FileInfo.cs | Security API names: System.Security.AccessControl.FileSecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlCore<System.Security.AccessControl.FileSecurity>(System.Boolean,System.String,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/FileInfo.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/DirectoryInfo.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/DirectoryInfo.cs | Security API names: System.Security.AccessControl.DirectorySecurity Alphaleonis.Win32.Filesystem.File::GetAccessControlCore<System.Security.AccessControl.DirectorySecurity>(System.Boolean,System.String,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: snd.exe, Alphaleonis/Win32/Filesystem/BackupFileStream.cs | Security API names: System.Void Alphaleonis.Win32.Filesystem.File::SetAccessControlCore(System.String,Microsoft.Win32.SafeHandles.SafeFileHandle,System.Security.AccessControl.ObjectSecurity,System.Security.AccessControl.AccessControlSections,Alphaleonis.Win32.Filesystem.PathFormat) |
Source: C:\Users\user\Desktop\snd.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -22136092888451448s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe TID: 4592 | Thread sleep time: -100000s >= -30000s |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\snd.exe | Thread delayed: delay time: 100000 |
Source: snd.exe, 00000000.00000002.519127719.000000000131A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: snd.exe, 00000000.00000002.519127719.000000000131A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllD |