Attempts to connect to a dead IP:Port (1 unique times) Show sources
| network_host_ip | 0.0.0.0:80 |
Starts servers listening on 0.0.0.0:3159
Attempts to identify installed AV products by installation directory Show sources
| file_query | C:\Program Files\Sandboxie\*.* |
| file_query | C:\Program Files\Sandboxie\32\*.* |
| file_query | C:\Program Files\Sandboxie\LICENSE.TXT |
| file_query | C:\Program Files\Sandboxie\LICENSE.TXT |
| file_query | C:\Program Files\Sandboxie\LICENSE.TXT |
| file_query | C:\Program Files\Sandboxie\Manifest0.txt |
| file_query | C:\Program Files\Sandboxie\Manifest0.txt |
| file_query | C:\Program Files\Sandboxie\Manifest0.txt |
| file_query | C:\Program Files\Sandboxie\Manifest1.txt |
| file_query | C:\Program Files\Sandboxie\Manifest1.txt |
| file_query | C:\Program Files\Sandboxie\Manifest1.txt |
| file_query | C:\Program Files\Sandboxie\Manifest2.txt |
| file_query | C:\Program Files\Sandboxie\Manifest2.txt |
| file_query | C:\Program Files\Sandboxie\Manifest2.txt |
Checks the presence of disk drives in the registry, possibly for anti-virtualization Show sources
| registry_query | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0 |
Attempts to identify installed analysis tools by a known file location Show sources
| file_query | C:\Program Files (x86)\Fiddler2\*.* |
A process attempted to delay the analysis task by a long amount of time. Show sources
| api_process_name | smnss.exe tried to sleep 9660 seconds, actually delayed analysis time by 0 seconds |
| api_process_name | 019c6ae7809e3c860a8d93eea365de57d128b6b9.exe tried to sleep 506 seconds, actually delayed analysis time by 0 seconds |
Creates a hidden or system file Show sources
| file_write | C:\Windows\System32\satornas.dll |
Installs itself for autorun at Windows startup Show sources
| registry_write | HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ctfmen |
| data | C:\Windows\system32\ctfmen.exe |