Behavioral task: behavioral1
- Sample: 70dda069a4c8c175968ee7faa7c9e5d5189c99caad93e36efcf6a63c239a7a05.pdf
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 70dda069a4c8c175968ee7faa7c9e5d5189c99caad93e36efcf6a63c239a7a05.pdf
- Resource: win10v2004-20240226-en
General
- Target: 70dda069a4c8c175968ee7faa7c9e5d5189c99caad93e36efcf6a63c239a7a05
- Size: 6.3MB
- MD5: fd36b5006634aaac0bd15ccff3ca405d
- SHA1: 4a5ebd261e2847a69337247a75e2d9f0cf804e13
- SHA256: 70dda069a4c8c175968ee7faa7c9e5d5189c99caad93e36efcf6a63c239a7a05
- SHA512: c2d8a64a66ac0ccbf0e0fdf6ce93147ebda3a1c378bc84e260ef1adf0fb0498b1a78154bf63fd2088cc799ff543ab10322ad7a8381ea539554d31b532e647613
- SSDEEP: 49152:4rUy4MxQzLSgL24vEN7AuJWkLqegGdGa1aMnSxpfaA0:KGMxQzLS2vENekeeJPyfaA0
Malware Config
Signatures
Files
-
70dda069a4c8c175968ee7faa7c9e5d5189c99caad93e36efcf6a63c239a7a05.pdf