Code function: 0_2_00007FF752C218D0 FormatMessageA,GetLastError,

Sample file is different than original file name gathered from version info
Binary or memory string: OriginalFilename vs msedge.exe

Binary contains device paths (device paths are often used for kernel mode user mode communication)

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Static PE information: Number of sections : 11 > 10
PE file contains more sections than normal
Source: C:\Users\user\Desktop\msedge.exe

Found potential string decryption / allocating functions
Code function: String function: 00007FF752BB0995 appears 58 times