![]() "sessionLoader.dll" claimed CRC 63736 while the actual is CRC 378770 "interface.dll" claimed CRC 378770 while the actual is CRC 61545 "libwinpthread-1.dll" claimed CRC 61545 while the actual is CRC 85902 Modifies auto-execute functionality by setting/creating a value in the registry "ultracopier.exe" has type "PE32 executable (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "qwindows.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "pluginLoader.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "listener.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "libgcc_s_dw2-1.dll" has type "PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB) for MS Windows" "libstdc -6.dll" has type "PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB) for MS Windows" "Qt5Xml.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "InstallOptions.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" ![]() "catchcopy64.dll" has type "PE32 executable (DLL) (GUI) x86-64 (stripped to external PDB) for MS Windows" "catchcop圓2.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "copyEngine.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "Qt5Network.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "System.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" "Qt5Widgets.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "sessionLoader.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "interface.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "Qt5Core.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "Qt5Gui.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB) for MS Windows" "libwinpthread-1.dll" has type "PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB) for MS Windows" "uninst.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows Nullsoft Installer self-extracting archive" "ultracopier.exe" wrote 52 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 360)Ĭontains ability to reboot/shutdown the operating system "ultracopier.exe" wrote 32 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 360) "ultracopier.exe" wrote 4 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 360) "ultracopier.exe" wrote 1500 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 360) "ultracopier.exe" wrote 52 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 452) "ultracopier.exe" wrote 32 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 452) ![]() "ultracopier.exe" wrote 4 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 452) "ultracopier.exe" wrote 1500 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 452) "" wrote 4 bytes to a remote process "C:\Program Files\Ultracopier\ultracopier.exe" (Handle: 480) ![]() "" wrote 52 bytes to a remote process "C:\Program Files\Ultracopier\ultracopier.exe" (Handle: 480) "" wrote 32 bytes to a remote process "%PROGRAMFILES%\Ultracopier\ultracopier.exe" (Handle: 480) "" wrote 52 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 8) "" wrote 32 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 8) "" wrote 4 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 8) "" wrote 1500 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 8) "" wrote 52 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 604) "" wrote 32 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 604) "" wrote 4 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 604) "" wrote 1500 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 604)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |