Windows
Analysis Report
file.exe
Overview
General Information
Detection
| Field | Value |
|---|---|
| Score | 100 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 2896, cmdline: "C:\Users\user\Desktop\file.exe", MD5: 5F30E027D147AF1DE92391F2E18644C8)
  - WerFault.exe (PID: 1868, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 784, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 2756, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 880, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 6464, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 912, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 2756, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 920, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 4284, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 980, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 6924, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1332, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 1800, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1772, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 6924, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1772, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 6820, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1880, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 6920, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1920, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 1800, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1932, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 6952, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1960, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 4284, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1776, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 2364, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1972, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 4248, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1916, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 2800, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1760, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 2004, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1880, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 6824, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 1892, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | |
| | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security | |
| | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
| Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
|---|---|---|---|---|---|
| 04/22/24-01:28:54.900516 | 2049060 | 49730 | 58709 | TCP | A Network Trojan was detected |
| 04/22/24-01:28:55.338745 | 2046267 | 58709 | 49730 | TCP | A Network Trojan was detected |
| 04/22/24-01:28:55.099915 | 2046266 | 58709 | 49730 | TCP | A Network Trojan was detected |
| 04/22/24-01:28:58.805975 | 2046269 | 49730 | 58709 | TCP | A Network Trojan was detected |
AV Detection
| Source | Signature | Detail |
|---|---|---|
| | Avira | |
| | URL Reputation | |
| | ReversingLabs | |
| | Virustotal | |
| | Joe Sandbox ML | |
| | Code function | 0_2_004D1240 |
Compliance
| Source | Signature | Detail |
|---|---|---|
| | Unpacked PE file | |
| | Static PE information | |
| | File opened | |
| | HTTPS traffic detected | 2 entries |
| | Binary string | |
| | Code function | 0_2_004D0620 |
| | Code function | 0_2_004F2870 |
| | Code function | 0_2_0042C82B |
| | Code function | 0_2_004EC100 |
| | Code function | 0_2_004A0880 |
| | Code function | 0_2_0042C8B1 |
Networking
| Source | Signature | Detail |
|---|---|---|
| | Snort IDS | 4 entries |
| | TCP traffic | 2 entries |
| | IP Address | 4 entries |
| | ASN Name | |
| | JA3 fingerprint | |
| | DNS query | 2 entries |
| | HTTP traffic detected | 2 entries |
| | TCP traffic detected without corresponding DNS query | 30 entries |
| | UDP traffic detected without corresponding DNS query | 2 entries |
| | Code function | 0_2_004D23C0 |
| | HTTP traffic detected | 2 entries |
| | DNS traffic detected | |
| | String found in binary or memory | 49 entries |
| | Network traffic detected | 4 entries |
| | HTTPS traffic detected | 2 entries |
| | Code function | 0_2_004F2150 |
System Summary
| Source | Signature | Detail |
|---|---|---|
| | Matched rule | 2 entries |
| | Code function | 0_2_005041A0 |
| | Code function | 0_2_0040E58B |
| | Code function | 0_2_004F6660 |
| | Code function | 0_2_004CC610 |
| | Code function | 0_2_00516730 |
| | Code function | 0_2_0045A790 |
| | Code function | 0_2_0043A8BD |
| | Code function | 0_2_00506920 |
| | Code function | 0_2_005209F0 |
| | Code function | 0_2_0040CA55 |
| | Code function | 0_2_00506DD0 |
| | Code function | 0_2_0045504E |
| | Code function | 0_2_0045B010 |
| | Code function | 0_2_0049D110 |
| | Code function | 0_2_004091BF |
| | Code function | 0_2_00453450 |
| | Code function | 0_2_0040D468 |
| | Code function | 0_2_004B36B0 |
| | Code function | 0_2_0045578C |
| | Code function | 0_2_0054B990 |
| | Code function | 0_2_00453C30 |
| | Code function | 0_2_0042A040 |
| | Code function | 0_2_0052A080 |
| | Code function | 0_2_004FC0A0 |
| | Code function | 0_2_005040A0 |
| | Code function | 0_2_00510140 |
| | Code function | 0_2_00506210 |
| | Code function | 0_2_00552230 |
| | Code function | 0_2_0054E340 |
| | Code function | 0_2_00448314 |
| | Code function | 0_2_0050E450 |
| | Code function | 0_2_0052E510 |
| | Code function | 0_2_00502580 |
| | Code function | 0_2_004FC8B0 |
| | Code function | 0_2_00504A90 |
| | Code function | 0_2_0043ABFF |
| | Code function | 0_2_004FECA0 |
| | Code function | 0_2_00552DC0 |
| | Code function | 0_2_00420DB0 |
| | Code function | 0_2_00504FE0 |
| | Code function | 0_2_0040EFAF |
| | Code function | 0_2_0044F050 |
| | Code function | 0_2_00409010 |
| | Code function | 0_2_004FB0A0 |
| | Code function | 0_2_00553170 |
| | Code function | 0_2_004371F0 |
| | Code function | 0_2_00541180 |
| | Code function | 0_2_004351B8 |
| | Code function | 0_2_00547260 |
| | Code function | 0_2_0040F27E |
| | Code function | 0_2_004D3280 |
| | Code function | 0_2_004F7290 |
| | Code function | 0_2_00513320 |
| | Code function | 0_2_005233F0 |
| | Code function | 0_2_004FF450 |
| | Code function | 0_2_0040D5B3 |
| | Code function | 0_2_0050F620 |
| | Code function | 0_2_004536D0 |
| | Code function | 0_2_004DF790 |
| | Code function | 0_2_004DB860 |
| | Code function | 0_2_004F3910 |
| | Code function | 0_2_00431A30 |
| | Code function | 0_2_00503BD0 |
| | Code function | 0_2_00545BF0 |
| | Code function | 0_2_00553BB0 |
| | Code function | 0_2_00453E0C |
| | Code function | 0_2_004FBE00 |
| | Code function | 0_2_00503E00 |
| | Code function | 2 entries |
| | Process created | |
| | Binary or memory string | 6 entries |
| | Static PE information | |
| | Matched rule | 2 entries |
| | Classification label | |
| | Code function | 0_2_00550C20 |
| | Code function | 0_2_00550E80 |
| | Code function | 0_2_0049B950 |
| | File created | |
| | Mutant created | |
| | File created | |
| | Command line argument | 0_2_00453C30 (3 entries) |
| | Command line argument | 0_2_00452DA0 |
| | Static PE information | |
| | File read | |
| | Key opened | |
| | Binary or memory string | 3 entries |
| | ReversingLabs | |
| | Virustotal | |
| | String found in binary or memory | |
| | File read | |
| | Process created | 15 entries |
| | Section loaded | 39 entries |
| | Window detected | |
| | Key opened | |
| | File opened | |
| | Static PE information | |
| | Binary string | |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_004DB380 |
Source: | Code function: | 0_2_0042E7FC |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Code function: | 0_2_0045A5C0 |
Source: | Evasive API call chain: | graph_0-77292 |
Source: | Code function: | 0_2_00550DF0 |
Source: | Code function: | 0_2_004D0620 | |
Source: | Code function: | 0_2_004F2870 | |
Source: | Code function: | 0_2_0042C82B | |
Source: | Code function: | 0_2_004EC100 | |
Source: | Code function: | 0_2_004A0880 | |
Source: | Code function: | 0_2_0042C8B1 |
Source: | Code function: | 0_2_00452968 |
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Code function: | 0_2_004E2080 |
Source: | Code function: | 0_2_0045504E |
Source: | Code function: | 0_2_004DB380 |
Source: | Code function: | 0_2_0045A5C0 | |
Source: | Code function: | 0_2_0045504E | |
Source: | Code function: | 0_2_0045578C | |
Source: | Code function: | 0_2_00453C30 | |
Source: | Code function: | 0_2_00454577 | |
Source: | Code function: | 0_2_004E2C80 | |
Source: | Code function: | 0_2_004D3280 | |
Source: | Code function: | 0_2_004D1480 | |
Source: | Code function: | 0_2_004DF790 | |
Source: | Code function: | 0_2_00453E0C | |
Source: | Code function: | 0_2_004FA050 |
Source: | Code function: | 0_2_00453C30 | |
Source: | Code function: | 0_2_0042EA14 | |
Source: | Code function: | 0_2_0042EBA1 | |
Source: | Code function: | 0_2_0042EDAD | |
Source: | Code function: | 0_2_004332F4 |
HIPS / PFW / Operating System Protection Evasion
Source: | Code function: | 0_2_004DB380 |
Source: | Code function: | 0_2_0042E615 |
Source: | Code function: | 0_2_0042C623 | |
Source: | Code function: | 0_2_0044D3EB | |
Source: | Code function: | 0_2_0044D5F0 | |
Source: | Code function: | 0_2_0044D6E2 | |
Source: | Code function: | 0_2_0044D697 | |
Source: | Code function: | 0_2_0044D77D | |
Source: | Code function: | 0_2_0044D808 | |
Source: | Code function: | 0_2_00445A41 | |
Source: | Code function: | 0_2_0044DA5B | |
Source: | Code function: | 0_2_0044DB84 | |
Source: | Code function: | 0_2_0044DC8A | |
Source: | Code function: | 0_2_0044DD60 |
Source: | Registry key value queried: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_0043C1FB |
Source: | Code function: | 0_2_004E2AC0 |
Source: | Code function: | 0_2_004479BE |
Source: | Code function: | 0_2_00551070 |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: | ||
Remote Access Functionality
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 12 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 11 Process Injection | 2 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 47 System Information Discovery | Distributed Component Object Model | 1 Email Collection | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 1 Query Registry | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 61 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Process Injection | DCSync | 1 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 2 Process Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Owner/User Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 39% | ReversingLabs | | |
| 45% | Virustotal | | Browse |
| 100% | Avira | HEUR/AGEN.1313019 | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | URL Reputation | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ipinfo.io | 34.117.186.192 | true | false | | high |
db-ip.com | 172.67.75.166 | true | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |
| false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | low |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | true | | unknown |
| | false | | high |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
34.117.186.192 | ipinfo.io | United States | | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
147.45.47.93 | unknown | Russian Federation | | 2895 | FREE-NET-ASFREEnetEU | true |
172.67.75.166 | db-ip.com | United States | | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429353 |
Start date and time: | 2024-04-22 01:28:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 8m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@15/94@2/3 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): WerFault.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.89.179.12
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
34.117.186.192 | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Planet Stealer | Browse | |
| | Get hash | malicious | Planet Stealer | Browse | |
| | Get hash | malicious | Xmrig | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | RedLine | Browse | |
| | Get hash | malicious | RedLine | Browse | |
147.45.47.93 | | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | Amadey, RedLine, RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | |
| | Get hash | malicious | Amadey, RisePro Stealer | Browse | |
| | Get hash | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
172.67.75.166 | | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC, RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ipinfo.io | | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | DCRat | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC, RisePro Stealer | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
db-ip.com | | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC, RisePro Stealer | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | Amadey, RedLine, RisePro Stealer | Browse | |
| | Get hash | malicious | Amadey, RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | DCRat | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC, RisePro Stealer | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | DHL Phishing | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
FREE-NET-ASFREEnetEU | | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC, RisePro Stealer | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | |
| | Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | |
| | Get hash | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | LummaC, RisePro Stealer | Browse | |
| | Get hash | malicious | DBatLoader | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | Clipboard Hijacker, RisePro Stealer | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_10335d55-7344-4798-868a-642b323fdb2a\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0284214926729556 |
Encrypted: | false |
SSDEEP: | 192:uiTN4kvxOPyS056rPI3jS3ZrYbajzuiFcZ24IO8kVBb4:cmxO6Z56rIj0jzuiFcY4IO8a |
MD5: | 4A45F971BB3539C6096FE946B73C4AAE |
SHA1: | FD7A1065C5EB47852B7342DD14D8C5533954B47C |
SHA-256: | 31D8A872F4DC5B030E495325D79E5C5CC85F74322D4C96E13AD03AA026F46C20 |
SHA-512: | 9BC2FC02C3802D56F1F5417A4DD777C31F846B67C10FA0E45D7F417577292EDE04C6DC769A98A6069466F98193BF57698C5D4017DCFE65D4DB6A01BBA042082B |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_15d3ae8c-14d8-47b4-889c-158b8969f6cd\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9343928585093682 |
Encrypted: | false |
SSDEEP: | 192:7iTN4kvuPyS056rPI3jS3ZrYDzuiFcZ24IO8kVBb4Y:lmu6Z56rIjpzuiFcY4IO8a |
MD5: | 7E4259CEF75EB08D1677112E2DCE38E7 |
SHA1: | AE947F27280C5741B2161BE8DD571C5DBF75DED2 |
SHA-256: | DA672A81F2CFE9D0655E03406669AE074528CA6BFFC6DE6FBAE972FDF5CE7DF3 |
SHA-512: | D6AB6BE1B2F5A6D48C1605082E3790243CF8EC550D0B0FEDFEDB0AFB4620F67AE57F3FBC51353BFF90B493FDCFECF3A2A947DEEFE8E7C47A375DF208AEE75DAC |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_407a37f6-a980-4391-8494-bf9bcb7a1c8d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.047780135809523 |
Encrypted: | false |
SSDEEP: | 192:0diTN4kvsPyS056rPI3jS3ZrYbWJzuiFcZ24IO8kVBb4:0jms6Z56rIj4JzuiFcY4IO8a |
MD5: | F32465F1358D010B64EED37847639D7C |
SHA1: | 7A6882F9D7E248C7349BC7644A8DD822DFCFD7A8 |
SHA-256: | FD0FAFE9C2D3CF8F49EFFA5DD3022CB1C609B099332DB5C9EFF3A9FD19148C19 |
SHA-512: | ACCA33C1160B252646BD7D9912E9D61449CD7D2FAB2545A08753863113FAB5E15F58853C423FEA9BF924590BBD05854ECC7D80BDA9826F67052ED5B253226DEC |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_681b8baa-75ab-45c4-b7b0-ae76b7b2d453\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9080577808324307 |
Encrypted: | false |
SSDEEP: | 192:XiTN4kvfPyS056rPI3jS3ZrYszuiFcZ24IO8kVBb4:pmf6Z56rIjWzuiFcY4IO8a |
MD5: | 3285F04756C85B4413534794F0936FD0 |
SHA1: | 74E97A927EAD7E7B16B5404F3D9E9B4C79462394 |
SHA-256: | E64FADA14199ED663C419B596691C0BF88A497E9D4B7621BBFA7B09CEF8A2EB6 |
SHA-512: | D1BCE5152B4ED1F90DD95CC571F623BA8B84F21753EF31DE23831EF01A76A29BE7A2E65E53B1CB2102C2D00A702EB4CEF82ABC0870BF4747FB556C9C59B9076F |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_688cbf8b-67c3-4b5a-8f65-1c3ad19de2a6\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9888250838635992 |
Encrypted: | false |
SSDEEP: | 192:YjiTN4kvuPyS056rPI3jS3ZrYbNzuiFcZ24IO8kVBb4:2mu6Z56rIjDzuiFcY4IO8a |
MD5: | 00CE2C3901C6B8D1CBB8A604CF066132 |
SHA1: | EC25C076C648E507A590F2C84B1C673139DEAEB1 |
SHA-256: | FBDC70BD536146DC6D122F2024C95E06D587E8491463EAD22EC1C81B08F87D8B |
SHA-512: | 2916E5E5EEAA5F9A4ECB902D3D8FBA3DAA004CB663B1FD18921BBB11CEA2017F3B80DDDB3523F09F4D8AFF2ADEA03E4656EE9AFAE7BD044D444533C02C6B842D |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_83ca9a92-fbbd-4d11-a1a6-fbba96d67552\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9345700594944922 |
Encrypted: | false |
SSDEEP: | 192:oeMiTN4kvnPyS056rPI3jS3ZrYDzuiFcZ24IO8kVBb4:Pumn6Z56rIjpzuiFcY4IO8a |
MD5: | FA5BB8E5A8753FA52CA7360EA984AC1A |
SHA1: | 8E713B704632C015E045352200F1CD36CCDA9858 |
SHA-256: | 34812D813BE432C81EB40C0F41416C9F2D8FD258524A3488232F7CF4E88694C2 |
SHA-512: | 6CA920BB22315CE004626AC36D8DD1BC3F5D36A22BF19B13FD972182901383934B7D3DE5A906703058116F7FF2CE2878FDDDB07ECB0DB0E4934B292FFCA8542E |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_84b6f306-bf5a-493e-9e98-3770969605f7\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0481064330216645 |
Encrypted: | false |
SSDEEP: | 192:WciTN4kvfnPyS056rPI3jS3ZrYbWJzuiFcZ24IO8kVBb45:W+mf6Z56rIj4JzuiFcY4IO8aG |
MD5: | F56CE1230974A9506CA40F4E64B6A273 |
SHA1: | 6773ACE1CC36127C298A0F79DF79D777A154C7C5 |
SHA-256: | 4B141BBA003DC7769D4DEDD8E04280BD3AA408A2F6ADEA21EC1FAA246B05A266 |
SHA-512: | F8A70E9F0C7EF22DC027FDD536B4825CC803AC79E9B2081324F67C85409ACF17488C664C905FCC8CEDF18D706728138120424EC8F4FB1BF589CD4D49A5DA11CA |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_85a5fc3c-0a1c-48df-b75b-a51156fea0d7\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9344893344241797 |
Encrypted: | false |
SSDEEP: | 192:fbiTN4kvdPyS056rPI3jS3ZrYDzuiFcZ24IO8kVBb4:fFmd6Z56rIjpzuiFcY4IO8a |
MD5: | 3630E135CB74084DEE22D860ED92C1B3 |
SHA1: | 6E2E4A2A2DB79696F9006DECEA3B26C8989358F0 |
SHA-256: | C96CFA154A417D6A59811CB053C5229B03D16E1E5960D14F9A19B8BFAA6C45CB |
SHA-512: | F5ECE5B79BE4197E0177E6703E170CC50A32D3A19C88DF5E02D5F8E2766899157FDA0A3C08B76D84525F45232DD6E9803B419A9C19BEFEECDF250FC7FB90CE2E |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_9042f83a-504d-4950-abc0-e4e4679bb0f8\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | modified |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0480111729930894 |
Encrypted: | false |
SSDEEP: | 192:hiTN4kvtPyS056rPI3jS3ZrYbWJzuiFcZ24IO8kVBb4:/mt6Z56rIj4JzuiFcY4IO8a |
MD5: | A4C27846ACC9B8F66DCC86073E80E7AF |
SHA1: | 0EC3189731027A4542E41BABD52B57235B0D33A9 |
SHA-256: | CFE44F1656F2AAF0183CBBC4C4906E7F53C23439EE7FCD21481892D93383DD6C |
SHA-512: | 1D372C0FB4847F49D92E103521870CA39901D238DACBF2818F2A5F2260299A6B4DE33A819E155ACAA0B3F3B0398FDDB57B6733159892C3C69971DE68DB3434D5 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_b4ee208a-c92f-4f51-be05-eaa535ab5445\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0150491058888564 |
Encrypted: | false |
SSDEEP: | 192:FiTN4kvqPyS056rPI3jS3ZrYbzzuiFcZ24IO8kVBb4:Lmq6Z56rIjdzuiFcY4IO8a |
MD5: | 22BA37ADF5E2264826C08F7ECEA9FA49 |
SHA1: | D61C0F86C734470C1BFBBF89A9C31A0BFF6CC7A6 |
SHA-256: | 70701C8AD7E1AA9AECA0D9675395C2EB708953357088D22E27251E55275AD553 |
SHA-512: | 7E778DF5DDE777B70C6E129918BA22CBBDAC81C43458E977DFB74BEF2CC46FD560C173C460B49F9614DB98913802310B55B1D7B6909A139B593015CFC7D40C85 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_b621ded2-faf3-4fb3-a976-16024740780d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.04778575666465 |
Encrypted: | false |
SSDEEP: | 192:yAiTN4kvTjPyS056rPI3jS3ZrYbWJzuiFcZ24IO8kVBb4:nmX6Z56rIj4JzuiFcY4IO8a |
MD5: | EA070C6F99993907679093EDF4E87DF4 |
SHA1: | 312DB2E97E3EB70270E917697F6963849A9C1814 |
SHA-256: | 479FD874B30A1A3214350C5EA6DA57CF7ECBE0A412C7731BA5E85B717DA7BE19 |
SHA-512: | 01FC43A49579A1064562613D561894C8F6B162B70B7B9BD586437E0A383EF6041C5967B779A353AE1395CB3D85AFE0107E9CA6F9B8B03F94FF27768B22FF91C0 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_4d3f288dd4798765eb91273da4b76d6bea17316_52238708_f6dc93c5-cb1c-438e-a34b-3e15d7234d4b\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.894583972830973 |
Encrypted: | false |
SSDEEP: | 192:GjiTN4kvMPyS056rPI3jS3ZrY6zuiFcZ24IO8kVBb4:GNmM6Z56rIjgzuiFcY4IO8a |
MD5: | E8A2D93108ED3B21A89651006466B617 |
SHA1: | 9A460E070E5F7093F9BB3F223ACDBBCA48CC351E |
SHA-256: | 918AF43415E945CF80422982DDA02043A534382EDB7FB1FA792B4BAAAB6DBBF3 |
SHA-512: | F3C01D4CB87C19B69F1E3A6105016E0F56BB914DFF897F184C7A8560E59AB504C0E7AF6E7A279E024B37D422BEC0F01CCF0D7BC9D4DD24B48440BFD8BC0B0AEB |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_bf3ace7eccf87db32bccac6338e1d4b03dc99b8f_52238708_302080a6-229b-410a-bd76-88077ad387bc\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0478206956040896 |
Encrypted: | false |
SSDEEP: | 192:6iTN4kvTPyi0JsAnbcAgI3jS3ZrYbWJzuiFcZ24IO8kVBb4:QmT6pJsAnbcA3j4JzuiFcY4IO8a |
MD5: | F01F6802A73C8EDB833F75CF4A9AAD19 |
SHA1: | 6D7397A7FD699FED26188F6EF12E87BD73C3C096 |
SHA-256: | CC9F808DE817C31D5D0941C0A7BF96337FBB591B0DEE4A0182CD7157E351E600 |
SHA-512: | 0960961185A2B083CAEBC0230951BE6E8BADED5B56050886DBBCCFBBF99BE8F41D58EAA6AC308CF5DDEAA50C808D8B65F89500691A924F79DC505A2B6B67AF96 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_bf3ace7eccf87db32bccac6338e1d4b03dc99b8f_52238708_73a5c60f-cccd-4bb6-87ec-0e77435d9d45\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0479227251818521 |
Encrypted: | false |
SSDEEP: | 192:UzDiTN4kv9Pyi0JsAnbcAgI3jS3ZrYbWJzuiFcZ24IO8kVBb4:UJm96pJsAnbcA3j4JzuiFcY4IO8a |
MD5: | F4F1E02A568ED67CE7AB2C4DB605303B |
SHA1: | D2474D2F08B11498565441503EE4EE8D49EF129A |
SHA-256: | 1588CF346968A82EB1A176CC0172B46DE32EAF00091EE01C921C68E7B3C46E69 |
SHA-512: | C374FF6F3D14746AF6CBDD352B874C584D31D765DAE03BFC794E84224FE1AF7D8974C4002ABD30CD3A0459C554CB35F81CC7F5ACF594B9161F2F1B471CD2B868 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_bf3ace7eccf87db32bccac6338e1d4b03dc99b8f_52238708_bfe9909b-817e-4821-a15d-d84abb4d0703\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0417745596178778 |
Encrypted: | false |
SSDEEP: | 192:QViTN4kvlPyi0JsAnbcAgI3jS3ZrYbWlzuiFcZ24IO8kVBb4:Qbml6pJsAnbcA3j4lzuiFcY4IO8a |
MD5: | E96958BC4C8111DF4392E827A3456DA0 |
SHA1: | 1C96B2EEDBEA0676358DB1E663283E8F995AAE93 |
SHA-256: | 68E9B318E19898030AC1CDCBCBF2FF350CF13DC057F28056F60C5CC56CD806A7 |
SHA-512: | E391A274101C756870D5C04B5B088492776B25B2C0154C255C277DBCBB620C54A251B48CAF7D70EF400AF73B2D992BC3A6F702E4B5A98A9C0C41CFA0973119D8 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_bf3ace7eccf87db32bccac6338e1d4b03dc99b8f_52238708_d1f1775b-34ae-4862-b958-5a7fbc722829\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.047734375481204 |
Encrypted: | false |
SSDEEP: | 192:4iTN4kvgPyi0JsAnbcAgI3jS3ZrYbWJzuiFcZ24IO8kVBb4:ymg6pJsAnbcA3j4JzuiFcY4IO8a |
MD5: | D77866FF92A38EF905605744B6C20414 |
SHA1: | 12E1792285B28159AF67C3BFE5AB192FBB509871 |
SHA-256: | E60ED3E09DA65BAC0FF114796D88BADFDF4383C96154C3FF9C74F18864F1C5C5 |
SHA-512: | E483BDF1438C4843B41EC5E5617C6BACE1E070EC43FCCF0DAA89C6B240EF9D9AA692E7A6BE8E1B7847E7456FA37666CF3F2519F0F31713871D3EFEB0B0E8FAD3 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_bf3ace7eccf87db32bccac6338e1d4b03dc99b8f_52238708_ed24c999-a2a5-41aa-9fbc-f46e42155e4d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | modified |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0412899645235876 |
Encrypted: | false |
SSDEEP: | 192:pfiTN4kv8Pyi0JsAnbcAgI3jS3ZrYbWlzuiFcZ24IO8kVBb4:pxm86pJsAnbcA3j4lzuiFcY4IO8a |
MD5: | 36BBAFCDA35A632DD875FD8E7751118B |
SHA1: | 030BACAA24193A392C6FE40D890C2BBC598AC1D1 |
SHA-256: | 63038A47ABC00A59AAAC6C57F7A25CE49FB02554EE578BDE51F83297A7E783C2 |
SHA-512: | 2F761A685C1F4EC17B1B5D2824F3E45F111686256F5F596007FECAD8F1792A5D10FE013B3AC08E8D372846EFEFF8B4DC4187168CBBFAE426A954178936B5C287 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_bf3ace7eccf87db32bccac6338e1d4b03dc99b8f_52238708_f1cbd908-8b84-401d-9fbd-c08ff655e859\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0478763068056167 |
Encrypted: | false |
SSDEEP: | 192:UiTN4kvSPyi0JsAnbcAgI3jS3ZrYbWJzuiFcZ24IO8kVBb4:2mS6pJsAnbcA3j4JzuiFcY4IO8a |
MD5: | 5F00822AFA89EDE83C4EED94D19881B6 |
SHA1: | AD4DB0BC6D5E9B0F4C2339B204E1AC7B88B19C01 |
SHA-256: | CFAEEAEBFC0D88F0F17EFB8EF55A561584FF36DFC2388E6EF19475DB06778470 |
SHA-512: | 39ED3F1CC6D5312864F8FE88DF7061CFEC67863AC1FD29BFA1439744DE7D30493FEB5EE0CDEFFC4F43522DCB4A969A9472485F07C28E4A3B61BBCD7473F876FC |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 140240 |
Entropy (8bit): | 1.9798375541558633 |
Encrypted: | false |
SSDEEP: | 768:3n6n8CND4lTv8UYwGaAYZP60+qeT2rCqm:9hJa06T2rCqm |
MD5: | 0211715AE8B79DB1ED8D844F0EDFE6A5 |
SHA1: | 68BA1C186E546525F391ADAFF1D44F590DEDA27B |
SHA-256: | 7A272CE9D2F11C49C2701AB3D6E769E01DA6B3C9A81A989D0174A8C9CA8306FE |
SHA-512: | 631E22348A53FDEC9994352C387F30ED9C4DB4646AB160A6B8AF43F5858DF4EF3A9C39BA8655FB388B5CBE1C3FE35D041AD36EEE3E49D799322CB0176E164055 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.6983669681177425 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfCT6W6Y9fSU9mIgmf6EVpBG89bSRsf9mm:R6lXJW6W6YVSU9mIgmf9lSKfl |
MD5: | 217E15AAD1632D6C4B25FFC7BB954FA5 |
SHA1: | 46FC76F04D010497889F70F97C64EED6A97BCEE9 |
SHA-256: | AD3C1306D7FF349933024B97CFD908BD948DE6E8FB187513CC584608280FA71A |
SHA-512: | 3B2D07F76600EDD47B44C97E8DCA4C414396E4209B6D131425C68F190531CC3EDB9ABEAD9FC97E90042654A09E23E4BF7942FE8CD0D28CE15DAB1EE7A6C72F26 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4692 |
Entropy (8bit): | 4.4549568887778035 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsoJg77aI9TAWpW8VYaYm8M4JhNJFsB7+q8vMNLjyvkd:uIjfuI7h57VWJhSB7KM5+vkd |
MD5: | 794B56B4B0C378397D1CD91A3A6173BC |
SHA1: | 52170EB4DB7D7D4D068933C49DBB5A103A466874 |
SHA-256: | 957622B76F911FF215170C348BDFB228783C50B897B9E831C1EA7042A18D3B30 |
SHA-512: | 73B72F879B7474B1037A98C065B2E92325A14FAC19498A969B8562FDCD0298AF3B62464FDBF44C317883B5349E0A67DB894F6923C216BD95F5AB14496981F453 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 139788 |
Entropy (8bit): | 1.9897167434272096 |
Encrypted: | false |
SSDEEP: | 768:zq3KCNz4lTv6l6MEqWwuaAYZP6NmtrF4QZ4:fdivEqcNOFLZ4 |
MD5: | 635B33B96E95D7A50C5404C5B53B0ED2 |
SHA1: | 1D7B972836F7B35F6A45B82456D53C774C31B4C0 |
SHA-256: | 707D33AED2621369F4B040C6A98138B8BDA59CC73F64E895ED9F23D3BAD87CDF |
SHA-512: | 9F0831D683460A8A44CE70251AA7C7AEFB4C177CA057498B508AE21D655D754785071CEF4BC1845D0932E89E4BFE491964B73FBD02571222487B49E53511F32E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.6984980914267735 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfC8676Y9XGSU9UIgmf6EVpBT89bbRsfppm:R6lXJp676YtGSU9UIgmf9+bKfm |
MD5: | 634F791A807C9DB37A4B8B806DCC0F09 |
SHA1: | 2B5459F491D1F4418F864E67177D2C91ED93C895 |
SHA-256: | 12FD70FE5E34EC416DA7A5256CE61A22DE1EDCB8A81AB3B62F3112BDD30E3A9D |
SHA-512: | BAA87F54173C65C425B8841F8CFFBA9463D1D22E6C9E3F782A6767E3D71DEE3599237F2DEEDCFECDC7EBD25C11558361B6F2D248909DDDC2CA7B3C42D29A6F6F |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4692 |
Entropy (8bit): | 4.4546786695870875 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsoJg77aI9TAWpW8VYLYm8M4JhNJFr+q8vMNLjyvkd:uIjfuI7h57VHJh5KM5+vkd |
MD5: | 04CEC444752D5B36ECC9E8FF0A6F6A94 |
SHA1: | 41215E8E5AE77A1032F22D13288D908B61246DDB |
SHA-256: | A1126D5E1382493D3B1EA978A83AF7AF84897B8C9F419A966C61B1EB9593B9C7 |
SHA-512: | 781D40D9422A5B11A9241094C0C98E6524DBD384EAC8C489D35A5222738214DE2491978DB74D4E16B9DF59D59659299C45EC4DE6E5DF27BA092C3B593EF509F9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 139336 |
Entropy (8bit): | 2.0018313386600046 |
Encrypted: | false |
SSDEEP: | 768:MaH2CN+4lTvF+Pwq9WwGaAYZP66XxXDwhtP2uIbts5kf:caNXq9UWxXDw32uIbt7f |
MD5: | 8CA5CB6147D5B5DB1485E4379FF98258 |
SHA1: | 67F7A72EE98FF7AFB16E2E085430614EC07F359B |
SHA-256: | 51061A70C6530A4B647F0C402F915CF2F9D61475841CD93A489C2D4B3A526093 |
SHA-512: | 750A119F86EA16FFA0AD6F1DCDAC131BF33F85AFE8C19FC12D36690396F2692E108EE25F9F2EB310858D75D06AE77AA04C1CC8DB320F2B9B5D6B1B6A8DC0C4C9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.6975970351840965 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfCs676Y9XSSU9UIgmf60aAjAypBT89bgRsfjAm:R6lXJ5676YtSSU9UIgmftaAjAxgKfh |
MD5: | E2BC416F878BE4FA70922D56E9F19375 |
SHA1: | 955A4BAE1F7B39A1D32C5AF101075ECB7C3ED392 |
SHA-256: | 8F99917C747BEEC4AB8A5C0AA9C0751191D1F09B7255938A991CE4024A254B42 |
SHA-512: | C2810CD7BB6F851EAF06F5B44FD8429AB14788191BAD451757BE9B93C470D3CC9375B9F39053D2CD0D04274AB44D3E6B3DBE1A1E3B816C4BB6EB2628185E266B |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4692 |
Entropy (8bit): | 4.455703457400895 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsoJg77aI9TAWpW8VYCYm8M4JhNBFH+q8vMNTjyvkd:uIjfuI7h57VqJhVKMp+vkd |
MD5: | 8B9C6B5B800AD399F16047CB3781C642 |
SHA1: | EF9B53D738E225A2AEDE4C75248F4CB880BB91D8 |
SHA-256: | C07CAC194CFC2D6434DCDB7EC68218EA680E78C9C293C8DA86D1C70C0C772842 |
SHA-512: | 2E372CC6C4762341CFC892E17BA9838DEF90969CD47868EED745EC6E6EFB9801815F30C30FE124953F7CCC849B3098F0233ACE276E6C053E229D6E4B57910C2D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 133880 |
Entropy (8bit): | 2.031095165529541 |
Encrypted: | false |
SSDEEP: | 768:FXXq7RL+e4lTvgG2wF1+hwXwGaAYZP6RBKyFgc0HU:o7orhFkhw/7Kn1HU |
MD5: | 16614756322A4B562CB850BBE8CC9F0E |
SHA1: | ACE7A430584CD5902E35B7C5CC6204BBD814197A |
SHA-256: | 602465E540CB147A7B0C53ABBB731E979ED379628117EC9E0D63B05E2C31101D |
SHA-512: | E6BE9AE7CCF4AE25F1A9DC8DE4B6FEEA305F5CD9A2C811556221A0FBE3C7A50FA33F7746661DB57D5BD39668187E3D05CEAA991C71490B954B65809CD7BD43BC |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.6957175341409654 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfCj6q6Y9XzSU97Egmf60aAjAypB089bpRsf1Dm:R6lXJG6q6YtzSU97EgmftaAjAUpKfc |
MD5: | D70306D47F301A744098392CEEF643BF |
SHA1: | FA829EBE8C823D3C875AE5F4C082132EAFCE22F6 |
SHA-256: | 89397A317786BAE36AD723F151E438E35CEF74ED5A8CB7D8C0CF12A851FCE461 |
SHA-512: | 973965CCE17FBAC7D5F493C38AE36B9DE68BAF934796EFEBC8F19C775109BCA29F4B91D87B779F52578027E42FAC7F69C6A2CC3D7497D018232ED5138516F604 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4692 |
Entropy (8bit): | 4.4533227116304435 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsoJg77aI9TAWpW8VYi0Ym8M4JhNBFx+q8vMNTjyvkd:uIjfuI7h57VBJhLKMp+vkd |
MD5: | A77B0719430595944E17BE591A81461B |
SHA1: | 66427264EC919594EF03C0BA71CB6ABE6DC15A52 |
SHA-256: | 3C0953B449E9128E4D88E603CD2CFA482CB73E6F67433D5E0A0EE90A7A38EFC5 |
SHA-512: | E545B313511E119AC3C77BA7ACB12B808446F69CC84BDB392B44CA82134EC343AF82C8CCBFDEF0CAAA3574CB2FB841D8136196B26196DC5F753556C7E495DBE5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60284 |
Entropy (8bit): | 2.30660068036045 |
Encrypted: | false |
SSDEEP: | 384:74BR3KlTve7NsRMX0pvqG+AYxVF680UnUp6xHC0Pd:8BRalTve7Nr0pvqCYx76gLPd |
MD5: | 17A1E728DA268C1D7960A996105B96A5 |
SHA1: | 8E003348902197BEC4E18872FBC8C058E640C9A2 |
SHA-256: | E3FB89C469172AD80E6528D8EE99E993F90168E514462197F302464EDE69500A |
SHA-512: | FF6A27F4F7A6A5352228E40DD693A486664DE0BC41967510572903BE8817F3D0747F5460A8DAE6503FB3C30300280CF02BC8CA99AF78947919CD95AA81B7C9C4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8410 |
Entropy (8bit): | 3.7004833515937072 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfCf6dci6Y97LSU9Wglgmf6EVpBH89bMRsfDkm:R6lXJy6ei6YFSU9Wwgmf9yMKfl |
MD5: | A7152751191EC7079E331705B7767182 |
SHA1: | 2BE9CE9C681524BB05B119056C1E3F0907A9BF88 |
SHA-256: | 07FBC6C1519D1A0F70CCD352C235DE8988A2F59843CC3C9AA3D3D6B6AB479D13 |
SHA-512: | ABC257FBB79A9358CACEED5E4205D1418F3DD308D11FB7B980F5DC2B3BFA777EF2D239C7B5565521DBF5D8954007EAEBA961506E5606C98BC0B8897F7184665F |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4692 |
Entropy (8bit): | 4.4550027892048965 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsoJg77aI9TAWpW8VYpYm8M4JhNJFP4+q8vMNLjyvkd:uIjfuI7h57VhJhCKM5+vkd |
MD5: | C443AA3359E8B236FABC40910B8D0B0B |
SHA1: | BB9D5FF7465988D88A098F28EF953EB94AFA953E |
SHA-256: | E2A18937E44211B207541F976E6D3537F7CA12D2C80E6677FA7CA922DCE0D63E |
SHA-512: | B6A9096856152709D702EEB8B8C92DD45D94BCBB49C6AF4313075B6798FEFE89775B295ADC3B5780000C556CF1CDA8E30EE1C253F4453A4BC70F8AD5208A4347 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74324 |
Entropy (8bit): | 2.3773242483396575 |
Encrypted: | false |
SSDEEP: | 384:utmep3lTvrQ3bVsKh1FLWJOYG+AYxVT6cljnUpOIgSqgLf/Y:nep3lTvkxDlWJOYCYxt6KqX |
MD5: | CF7298300615DCF00A0530A9C660829A |
SHA1: | D3227DB83A807A3C3576C39E89A0507331E14DAF |
SHA-256: | 248F569075C6448A47FE96A39BCA111040B993A9F4CDAB2083A84C8E296FFDAF |
SHA-512: | D3DA11C53F853F5FF053469A5AAF842B32F687FBE881E61DF5CE6B9FAD2DC697EE8E741F244BAE02FC3995D702F14B1BF43E1BEB893A710C91A8928F2055A74B |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8408 |
Entropy (8bit): | 3.6996844437731253 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfC26Q6Y9ZSU9cg8gmf6EVpBe89bjRsfoBm:R6lXJ76Q6YzSU9c5gmf9tjKfD |
MD5: | 237B6EEAFD00BF88FBB348FAA18C9F5D |
SHA1: | 0D78BF4DDA65BBB390F90AE708168DBC338B80B1 |
SHA-256: | A2857F4F1EA8FE6EBF2F52D715C6A6CF19ED530A251280CF99B43C410335C4DD |
SHA-512: | C09E1DA9001EC3FF4768D535B79F0C018160E583095F947E696CA8B4858326C35EDED230ABF6B34080DC713A4C011E5C395004E5E304DE6EC3756F6A5C4A0B06 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4692 |
Entropy (8bit): | 4.456489061413185 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsoJg77aI9TAWpW8VYzYm8M4JhNJFhp+q8vMNLjyvkd:uIjfuI7h57VfJhrpKM5+vkd |
MD5: | B0B410D254BC7D0B737F800450D714F5 |
SHA1: | 70CD85305D8CA65A2467DA20EAD9A037CB750F53 |
SHA-256: | 6F501CDA83FF76BEBA3A12AB8FF1E9FE286631ABE4A4D9548464A6A43231C06A |
SHA-512: | AB081DEEF34F003B0CE20088C99BFAC510D47A757E6000E657B8D6423F8A1C9909B92CCE713D6BF51019961A398B9FAC4EA023F88B2080FDB7B788F16F49C17C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 85814 |
Entropy (8bit): | 2.2405398440582838 |
Encrypted: | false |
SSDEEP: | 384:Vy/osidNZlTvSjNuBx3NpXdsr2yRJOYG+AYxVF6cYj8UpOdSET97CqW:Q/QdrlTvSjNGdpXdXyRJOYCYx76kto |
MD5: | 3243903D53F3487A1369F7CB3C1F220B |
SHA1: | 68D30DAA2AD119EBAB6E9DEBD36DD631D7D15652 |
SHA-256: | D8913CDD63D38D7525C2BE47A49B58682A19AE035ACBE7A0C94532D327938CB2 |
SHA-512: | 1C24B3C5B69E3530F80528F0D130AE9B88EEAD97477303F0A596F1D498D86BC2B8D98D73418D9EC2D9B408EEBB57430AF9890D9CE02E8DC89AD4C60A7F8079F6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8410 |
Entropy (8bit): | 3.6999951237730953 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfCS6G6Y9eSU9cg8gmf6EVpBy89baRsfE+m:R6lXJf6G6Y0SU9c5gmf9xaKfU |
MD5: | 65A1491B06FC899D445C8261A5BEF2B0 |
SHA1: | FD0BC562962547D1ED4CCF4CED9C906604F967B9 |
SHA-256: | 7F5D3F354B9DBB94545F7F742601F4AD7B5C3C16504B6B3AB28639118F310784 |
SHA-512: | E000C5A7A963737AF742F0696D4FE9E74E76296B2284538B2A9EDDE2F6B04B8E9620C8D011F29F2D09C9227AB916EF69480ED42D0B573683F8CA923E2C1F7A13 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4692 |
Entropy (8bit): | 4.4545400977649345 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsoJg77aI9TAWpW8VYtYm8M4JhNJF6/+q8vMNLjyvkd:uIjfuI7h57V9Jhg/KM5+vkd |
MD5: | DB948BC05C1B239C14BC3D36DBDD44E1 |
SHA1: | 9CE75D07B657F8673AFF6E89D56C2AE68373ED7E |
SHA-256: | C2F61CCA95A002130BD0D5F8E6298BA8A85FB99DB82AFED2EA622B5D8FEE3E2F |
SHA-512: | 5D8B43F320B9679B03B0DEF227A7B58CC7D59FFF9CCB3692679395E9AE5BEA6D19CB5316E21A7CCF9AA9416861841DB55DB14561F357718AFA60B775E3732916 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 85390 |
Entropy (8bit): | 2.2524435655962614 |
Encrypted: | false |
SSDEEP: | 384:SsidN0clTvdaB1sxp13uUyRJOYG+AYxVF6coj8UpOmSaeuIgJxUBreW:md+clTvdsyvyRJOYCYx76UspxU8W |
MD5: | 5B20EA73D3B2FB8CC26B020CF625005A |
SHA1: | 4EFA378AE0A968BB1E025E4FCB56F81DE32BFB31 |
SHA-256: | 41177C575A4476287F8BD029928A4543372C8DB39C595E3AD23E5F2B36805FBE |
SHA-512: | 52C5620B1541C3A77CE3FEB437C9756C91F11AB9DBAC6C94B40A7AEE974452B10F5D2F78AEA9CD3E368CEA1FCB6327DD1AFB44C0215CF3A1E223A7505D0ED186 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8410 |
Entropy (8bit): | 3.700086302412444 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfCC6q6Y93SU9cg8gmf6EVpBa89baRsfqM+m:R6lXJv6q6YtSU9c5gmf9ZaKfT |
MD5: | E8947F338FAA5680D970CE808100364B |
SHA1: | 3C16911B60749AD48D638523C4268E743A7FF7D5 |
SHA-256: | 09305550FE0D7756E95F201AFEB471C486F6C7566C7193AD061205DD915035AB |
SHA-512: | 4DFE5BE214018C0BCF685705EA94B0A8E2D8D0A3491D764440DA2F558701D1B9FD2467937B5D6A4142951EFF825F94130B389E881123D068CAFCA1C834B3D309 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4692 |
Entropy (8bit): | 4.4576093902618 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsoJg77aI9TAWpW8VYQYm8M4JhNJFGR5P+q8vMNLjyvkd:uIjfuI7h57VYJh0R5PKM5+vkd |
MD5: | 90CC64AECCB2C4496A339CEE2A4B287B |
SHA1: | 80504013BB3037765C2D980EAF74064A71E82586 |
SHA-256: | 082CFF0E25CB111585950AA317068BE1DE8BF5EF858871C828E50BD6A5788A6F |
SHA-512: | 690DEA0AB56D743B94A9832212C75A230A06EF2DDE01D6F8F78D602BC4FFF14086210BB3C3FCC10A11E9C514A98EEA7F4E79B8299B36374C82815B676EB4A39E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 93712 |
Entropy (8bit): | 2.242917721722728 |
Encrypted: | false |
SSDEEP: | 384:QZnD+oIGlTvvBvX31Uhsjp5k3mk12DJOYG+AYxVT6c/jFUpOwSF0MfCaU+pmdGBb:W+vGlTvx6Ep302DJOYCYxt62tKaUik |
MD5: | 145A8B08AB9DFECFBF2E09CFB74B54C9 |
SHA1: | 8BBC663B24060340D31D31E09B02EFEE73A5CDAF |
SHA-256: | D8857C030BC70F2D5C0346285F117A02E6EB1B36B3593FC5F07015AE0AB31717 |
SHA-512: | E9390A054576BCA967C51241883F2588C2F6C8E93086B9BAC8A6A094BF6DD23A44CD52858DCD427105FC7F1BCF7CA7B7D2DBF3CDC0ED73841A92AFE47A736A50 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8410 |
Entropy (8bit): | 3.6987200406669825 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJfCl6be6Y9cSU9cg8gmf6EVpBw89bxRsfsbm:R6lXJ46i6Y2SU9c5gmf9nxKf9 |
MD5: | 819E1C850F81A5A0D4F041DCDA8D656F |
SHA1: | 28B97BBADA1B3C691D517C87B97D417D7A16F610 |
SHA-256: | F366945DF8DC039772D0FAA4EF4B848BB2FCA4BA31A6FFE551DF6E8AFEB7D85A |
SHA-512: | 1B8F22B0BCE1F2E5CF661DB280F567843A81A65612BB0395E014F5E7818F4FE5E6F7187AB558BFCD0A8A6B0E2D59CDE3EA9731CBFA1A557E167C283F816E8407 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5495 |
Entropy (8bit): | 7.899150804081277 |
Encrypted: | false |
SSDEEP: | 96:wk6yWGzqeAoMq+YK0KF8cAJiI2i+uWbnYrIZlGAyujvIWFw3KJ5kgFaL:vhqASpF8wF9/ECvIx6JOp |
MD5: | 1236012D43014D116638CD0D693CA44F |
SHA1: | 3045600BD24CBA58BE4BE6DEEFC98E0CDEB68241 |
SHA-256: | 39DBB196F9FF54A6E21383FCDDF77EC08F31CB284D8DCA4139D49671DF6616EE |
SHA-512: | A14BE6E29196E36B5B14914577D4A2F6BF8D516D9CF962F68367A01C0B0883BD05842675392943571FA0F5E6834C2CEDC5632EB0E99E1CD43B24C2DC8DA1E931 |
Malicious: | true |
Yara Hits: | |
Preview: |
File type: | |
Entropy (8bit): | 7.766442912330682 |
TrID: | |
File name: | file.exe |
File size: | 997'888 bytes |
MD5: | 5f30e027d147af1de92391f2e18644c8 |
SHA1: | febe9d268d31c17a24c0cae2d2e2b5d617d8608f |
SHA256: | 8f82f1de5cd507dd90c604c127dfe50e366530fbc0bbe2841ce68767d911cc65 |
SHA512: | 671aaf72c280f56f5f5d11d138946d1b30e6625670c9be1350cc6eac560be5af2c48906b04b14c072efe4cd313d3d0694128475548d5efe0721f97990631e809 |
SSDEEP: | 24576:V3l3jR7ECfW0DJfsOtKSpnywvEITMp2hiF3UdEbwQ:V3Jj2CfZJf1KSXsM22A3UdYw |
TLSH: | 68251202F6F2A434F5A70B3A48349B1506BFFD339A74859FA388320E69B15D06772B53 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.....|...|...|.......|.....z.|.....*.|.......|...}.v.|..4....|.......|..4....|.Rich..|.........PE..L....2.d................... |
Icon Hash: | cd0d3d2e4e054d05 |
Entrypoint: | 0x40405d |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x64C1320B [Wed Jul 26 14:47:39 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 43cb5d6ab6c623f5883f711e054621c1 |
Instruction |
---|
call 00007F66B87BC048h |
jmp 00007F66B87B6415h |
push 00000014h |
push 004166D8h |
call 00007F66B87B9592h |
call 00007F66B87BB153h |
movzx esi, ax |
push 00000002h |
call 00007F66B87BBFDBh |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007F66B87B6416h |
xor ebx, ebx |
jmp 00007F66B87B6445h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007F66B87B63FDh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007F66B87B63EFh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007F66B87B641Bh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007F66B87B9408h |
test eax, eax |
jne 00007F66B87B641Ah |
push 0000001Ch |
call 00007F66B87B64F1h |
pop ecx |
call 00007F66B87B8AE9h |
test eax, eax |
jne 00007F66B87B641Ah |
push 00000010h |
call 00007F66B87B64E0h |
pop ecx |
call 00007F66B87BAE9Ch |
and dword ptr [ebp-04h], 00000000h |
call 00007F66B87BA4F5h |
test eax, eax |
jns 00007F66B87B641Ah |
push 0000001Bh |
call 00007F66B87B64C6h |
pop ecx |
call dword ptr [004100C8h] |
mov dword ptr [040D7A4Ch], eax |
call 00007F66B87BC02Fh |
mov dword ptr [004E6A00h], eax |
call 00007F66B87BBC2Ch |
test eax, eax |
jns 00007F66B87B641Ah |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x16b0c | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3cd8000 | 0xee58 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x10200 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x160b0 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x16068 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x190 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xe403 | 0xe600 | 590cc0bd6f8bcc8f80a46e1c375b800c | False | 0.601953125 | data | 6.680942552005868 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x10000 | 0x7440 | 0x7600 | 1560bf9c69cef0ed073692a7553e3c60 | False | 0.3897974046610169 | data | 4.887444766557987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x18000 | 0x3cbfa64 | 0xcea00 | e7c90b233c7d1f1b2075f03b8765b98e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3cd8000 | 0xee58 | 0xf000 | ce35a0ad0d757bc5db78cd7e6465e998 | False | 0.47861328125 | data | 5.238002400787557 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
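A triage pass over the section table above, as an added example (my code, not part of the Joe Sandbox report). It parses the four rows exactly as printed, flags .data for declaring a virtual size (0x3cbfa64) roughly 75 times its raw size (0xcea00) and for having no computed entropy, and works out that the image occupies about 64 times the 997'888-byte file once mapped. The loader zero-fills the difference between raw and virtual size, which is where a packer or crypter stub commonly unpacks its payload; reading it that way is my interpretation, not a finding of the report. The thresholds (8x size ratio, entropy 7.0), the finding names and FILE_SIZE taken from the process entry for file.exe are assumptions.

```python
"""Triage checks over a PE section table as printed in a sandbox report.

Added example for this report, not code from Joe Sandbox. SECTION_ROWS is the
report's section table copied verbatim; FILE_SIZE is the file size the report
gives for file.exe. Thresholds and finding names are my own choices.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Columns: Name | VA | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB | Type | Entropy | Characteristics
SECTION_ROWS = """\
.text | 0x1000 | 0xe403 | 0xe600 | 590cc0bd6f8bcc8f80a46e1c375b800c | False | 0.601953125 | data | 6.680942552005868 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x10000 | 0x7440 | 0x7600 | 1560bf9c69cef0ed073692a7553e3c60 | False | 0.3897974046610169 | data | 4.887444766557987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x18000 | 0x3cbfa64 | 0xcea00 | e7c90b233c7d1f1b2075f03b8765b98e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3cd8000 | 0xee58 | 0xf000 | ce35a0ad0d757bc5db78cd7e6465e998 | False | 0.47861328125 | data | 5.238002400787557 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
"""
FILE_SIZE = 997_888  # "File size: 997'888 bytes" in the report's entry for file.exe


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    entropy: Optional[float]            # None where the report printed "unknown"
    characteristics: FrozenSet[str]


def parse_section_table(text: str) -> List[Section]:
    """Parse pipe-separated rows in the report's section-table layout."""
    sections = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        entropy = None if cells[8] == "unknown" else float(cells[8])
        flags = frozenset(f.strip() for f in cells[9].split(","))
        sections.append(Section(cells[0], int(cells[1], 16), int(cells[2], 16),
                                int(cells[3], 16), entropy, flags))
    return sections


def triage_sections(sections: List[Section], *, max_ratio: float = 8.0,
                    high_entropy: float = 7.0) -> List[Tuple[str, str]]:
    """Return (section name, finding) pairs; thresholds are assumptions."""
    findings = []
    for s in sections:
        # Virtual size far above raw size: the loader zero-fills the gap,
        # giving a packer room to unpack without the bytes being on disk.
        if s.raw_size and s.virtual_size / s.raw_size > max_ratio:
            findings.append((s.name, "virtual_size_exceeds_raw"))
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= s.characteristics:
            findings.append((s.name, "writable_and_executable"))
        if s.entropy is None:
            findings.append((s.name, "entropy_not_computed"))
        elif s.entropy >= high_entropy:
            findings.append((s.name, "high_entropy"))
    return findings


def mapped_span(sections: List[Section]) -> int:
    """Bytes the image covers once mapped: end of the highest section."""
    last = max(sections, key=lambda s: s.virtual_address)
    return last.virtual_address + last.virtual_size


def expansion_ratio(sections: List[Section], file_size: int) -> float:
    """How much larger the mapped image is than the file on disk."""
    return mapped_span(sections) / file_size


if __name__ == "__main__":
    secs = parse_section_table(SECTION_ROWS)
    for name, finding in triage_sections(secs):
        print(f"{name}: {finding}")
    print(f"mapped span {mapped_span(secs):#x} bytes, "
          f"{expansion_ratio(secs, FILE_SIZE):.0f}x the file on disk")
```

The same functions accept rows copied from any report that uses this column layout; the thresholds should be tuned against a corpus of known-good binaries before being used for bulk triage, since large .bss-style sections also occur in legitimate software.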
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x3cd8570 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Romanian | Romania | 0.48667377398720685 |
RT_ICON | 0x3cd9418 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Romanian | Romania | 0.5938628158844765 |
RT_ICON | 0x3cd9cc0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Romanian | Romania | 0.6526497695852534 |
RT_ICON | 0x3cda388 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Romanian | Romania | 0.6589595375722543 |
RT_ICON | 0x3cda8f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Romanian | Romania | 0.39180497925311203 |
RT_ICON | 0x3cdce98 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Romanian | Romania | 0.5077392120075047 |
RT_ICON | 0x3cddf40 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Romanian | Romania | 0.5860655737704918 |
RT_ICON | 0x3cde8c8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Romanian | Romania | 0.6773049645390071 |
RT_ICON | 0x3cdeda8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.4139125799573561 |
RT_ICON | 0x3cdfc50 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.4598375451263538 |
RT_ICON | 0x3ce04f8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.554147465437788 |
RT_ICON | 0x3ce0bc0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.44942196531791906 |
RT_ICON | 0x3ce1128 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.46307053941908716 |
RT_ICON | 0x3ce36d0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.4793621013133208 |
RT_ICON | 0x3ce4778 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.494672131147541 |
RT_ICON | 0x3ce5100 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.5540780141843972 |
RT_DIALOG | 0x3ce57c8 | 0x52 | data | | | 0.8780487804878049 |
RT_STRING | 0x3ce5820 | 0x322 | data | Romanian | Romania | 0.47256857855361595 |
RT_STRING | 0x3ce5b48 | 0x5a8 | data | Romanian | Romania | 0.43577348066298344 |
RT_STRING | 0x3ce60f0 | 0x1e4 | data | Romanian | Romania | 0.4772727272727273 |
RT_STRING | 0x3ce62d8 | 0x322 | data | Romanian | Romania | 0.47381546134663344 |
RT_STRING | 0x3ce6600 | 0x698 | data | Romanian | Romania | 0.4259478672985782 |
RT_STRING | 0x3ce6c98 | 0x1ba | data | Romanian | Romania | 0.5135746606334841 |
RT_GROUP_ICON | 0x3cded30 | 0x76 | data | Romanian | Romania | 0.6610169491525424 |
RT_GROUP_ICON | 0x3ce5568 | 0x76 | data | Romanian | Romania | 0.6694915254237288 |
RT_VERSION | 0x3ce55e0 | 0x1e4 | data | | | 0.5371900826446281 |
DLL | Import |
---|---|
KERNEL32.dll | LocalCompact, GetUserDefaultLCID, AddConsoleAliasW, CreateHardLinkA, GetTickCount, EnumTimeFormatsW, GetUserDefaultLangID, FindResourceExA, GetVolumeInformationA, GetLocaleInfoW, GetCompressedFileSizeA, GetTempPathW, SetThreadLocale, SetLastError, GetProcAddress, CreateTimerQueueTimer, FindFirstChangeNotificationW, BuildCommDCBW, LoadLibraryA, WriteConsoleA, InterlockedExchangeAdd, LocalAlloc, SetCalendarInfoW, GetExitCodeThread, RemoveDirectoryW, AddAtomA, SetNamedPipeHandleState, GlobalFindAtomW, GetModuleFileNameA, GetOEMCP, GlobalUnWire, LoadLibraryExA, ReadConsoleInputW, GetWindowsDirectoryW, AddConsoleAliasA, SetFileAttributesA, GetComputerNameA, WriteConsoleW, OutputDebugStringW, GetLastError, HeapFree, EncodePointer, DecodePointer, ReadFile, ExitProcess, GetModuleHandleExW, MultiByteToWideChar, WideCharToMultiByte, GetCommandLineA, RaiseException, RtlUnwind, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetCPInfo, GetCurrentThreadId, IsDebuggerPresent, HeapAlloc, GetProcessHeap, HeapSize, EnterCriticalSection, LeaveCriticalSection, SetFilePointerEx, GetConsoleMode, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, CloseHandle, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, WriteFile, GetModuleFileNameW, LoadLibraryExW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStringTypeW, HeapReAlloc, LCMapStringW, SetStdHandle, GetConsoleCP, FlushFileBuffers, CreateFileW |
ADVAPI32.dll | DeregisterEventSource |
WINHTTP.dll | WinHttpConnect |
Language of compilation system | Country where language is spoken |
---|---|
Romanian | Romania |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/22/24-01:28:54.900516 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
04/22/24-01:28:55.338745 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
04/22/24-01:28:55.099915 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
04/22/24-01:28:58.805975 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2024 01:28:54.661473036 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:28:54.880594969 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:28:54.880693913 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:28:54.900516033 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:28:55.099915028 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:28:55.119390965 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:28:55.119645119 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:28:55.222831011 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:28:55.338745117 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:28:55.394500971 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:28:55.483964920 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:28:57.981108904 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:57.981194019 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:57.981261969 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:57.984538078 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:57.984572887 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:58.223450899 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:58.223562956 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:58.226178885 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:58.226201057 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:58.226548910 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:58.269516945 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:58.805974960 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:28:58.938863039 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:58.980144024 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:59.032304049 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:28:59.074306011 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:59.074489117 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:59.074585915 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:59.077487946 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:59.077529907 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:59.077578068 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192 |
Apr 22, 2024 01:28:59.077595949 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4 |
Apr 22, 2024 01:28:59.082017899 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:28:59.188054085 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.188169003 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.188285112 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.188553095 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.188579082 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.417783022 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.417907000 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.421648026 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.421680927 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.422092915 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.424979925 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.468123913 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.879900932 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.880007982 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.880323887 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.880450964 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.880498886 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.880531073 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166 |
Apr 22, 2024 01:28:59.880546093 CEST | 443 | 49732 | 172.67.75.166 | 192.168.2.4 |
Apr 22, 2024 01:28:59.881858110 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.128200054 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.175782919 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.207223892 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.442692041 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.488415003 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.535403967 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.775589943 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775645971 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775684118 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775712967 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.775748968 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775787115 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775801897 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.775825024 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775861025 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775873899 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.775898933 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775954962 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.775955915 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.775993109 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.776041031 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.995244980 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.995363951 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.995402098 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.995441914 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.995484114 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:00.995568037 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:00.995568037 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:01.035257101 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:01.082250118 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:01.316823006 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:01.363362074 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:01.410321951 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:01.644783020 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:01.691412926 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:16.984997988 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:16.985105991 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:17.203995943 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:17.204020023 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:17.204035044 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:17.204086065 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:17.468429089 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:20.019617081 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
Apr 22, 2024 01:29:20.238773108 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:20.250283003 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
Apr 22, 2024 01:29:20.250499010 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
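The packet table and the alert table can be joined to show which connection the RisePro signatures fired on and how long it stayed up. The following is an added example (my code, not from the report): PACKET_ROWS is an excerpt of the TCP table above covering the first packets of each of the three connections plus the last packet to 147.45.47.93, and ALERT_ROWS is the alert table as printed. The sandbox host address is read from the tables; treating it as always the client, the flow-key layout and the one-alert threshold in c2_candidates() are my assumptions.

```python
"""Rebuild TCP flows from a sandbox report's packet table and attach the
Suricata alerts that fired on them.

Added example for this report, not Joe Sandbox code. PACKET_ROWS is an
excerpt of the report's TCP table; ALERT_ROWS is its alert table as printed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Excerpt of the report's "Timestamp | Source Port | Dest Port | Source IP | Dest IP" table.
PACKET_ROWS = """\
Apr 22, 2024 01:28:54.661473036 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93
Apr 22, 2024 01:28:54.880594969 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4
Apr 22, 2024 01:28:54.880693913 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93
Apr 22, 2024 01:28:54.900516033 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93
Apr 22, 2024 01:28:55.099915028 CEST | 58709 | 49730 | 147.45.47.93 | 192.168.2.4
Apr 22, 2024 01:28:57.981108904 CEST | 49731 | 443 | 192.168.2.4 | 34.117.186.192
Apr 22, 2024 01:28:57.981194019 CEST | 443 | 49731 | 34.117.186.192 | 192.168.2.4
Apr 22, 2024 01:28:59.188054085 CEST | 49732 | 443 | 192.168.2.4 | 172.67.75.166
Apr 22, 2024 01:29:20.250499010 CEST | 49730 | 58709 | 192.168.2.4 | 147.45.47.93
"""

# The report's alert table: Timestamp | Protocol | SID | Message | Src Port | Dst Port | Src IP | Dst IP
ALERT_ROWS = """\
04/22/24-01:28:54.900516 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49730 | 58709 | 192.168.2.4 | 147.45.47.93
04/22/24-01:28:55.338745 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49730 | 147.45.47.93 | 192.168.2.4
04/22/24-01:28:55.099915 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49730 | 147.45.47.93 | 192.168.2.4
04/22/24-01:28:58.805975 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49730 | 58709 | 192.168.2.4 | 147.45.47.93
"""

SANDBOX_HOST = "192.168.2.4"  # analysis VM address from the tables (assumed to always be the client)

FlowKey = Tuple[str, int, str, int]  # (client_ip, client_port, server_ip, server_port)


def flow_key(src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> FlowKey:
    """Direction-independent key so both halves of a connection land in one flow."""
    if src_ip == SANDBOX_HOST:
        return (src_ip, src_port, dst_ip, dst_port)
    return (dst_ip, dst_port, src_ip, src_port)


@dataclass
class Flow:
    key: FlowKey
    first: datetime
    last: datetime
    packets_out: int = 0                           # sandbox host -> remote
    packets_in: int = 0                            # remote -> sandbox host
    alerts: Set[int] = field(default_factory=set)  # Suricata SIDs seen on this flow

    @property
    def duration(self) -> float:
        return (self.last - self.first).total_seconds()


def parse_timestamp(text: str) -> datetime:
    """'Apr 22, 2024 01:28:54.661473036 CEST' -> naive datetime at microsecond precision."""
    stamp, _zone = text.rsplit(" ", 1)
    base, frac = stamp.split(".")
    return datetime.strptime(base, "%b %d, %Y %H:%M:%S").replace(microsecond=int(frac[:6]))


def build_flows(packet_rows: str, alert_rows: str) -> Dict[FlowKey, Flow]:
    flows: Dict[FlowKey, Flow] = {}
    for line in packet_rows.strip().splitlines():
        ts, sport, dport, sip, dip = [c.strip() for c in line.split("|")]
        t = parse_timestamp(ts)
        key = flow_key(sip, int(sport), dip, int(dport))
        flow = flows.setdefault(key, Flow(key, t, t))
        flow.first, flow.last = min(flow.first, t), max(flow.last, t)
        if sip == SANDBOX_HOST:
            flow.packets_out += 1
        else:
            flow.packets_in += 1
    # Alerts are matched on the 4-tuple only; which side the signature inspects does not matter here.
    for line in alert_rows.strip().splitlines():
        _ts, _proto, sid, _msg, sport, dport, sip, dip = [c.strip() for c in line.split("|")]
        key = flow_key(sip, int(sport), dip, int(dport))
        if key in flows:
            flows[key].alerts.add(int(sid))
    return flows


def c2_candidates(flows: Dict[FlowKey, Flow], min_alerts: int = 1) -> List[Tuple[str, int]]:
    """Remote endpoints whose flow carried at least min_alerts signature hits."""
    return sorted({(k[2], k[3]) for k, f in flows.items() if len(f.alerts) >= min_alerts})


if __name__ == "__main__":
    flows = build_flows(PACKET_ROWS, ALERT_ROWS)
    for key, f in flows.items():
        print(f"{key[2]}:{key[3]}  out={f.packets_out} in={f.packets_in} "
              f"dur={f.duration:.3f}s sids={sorted(f.alerts)}")
    print("C2 candidates:", c2_candidates(flows))
```

On the excerpt, the 49730 to 147.45.47.93:58709 flow comes out with all four RisePro SIDs and a lifetime of about 25.6 seconds, while the two TLS connections to 34.117.186.192 and 172.67.75.166 carry no alerts. Feeding the full table in changes only the packet counts, not the endpoints, so the candidate list is what would go into a blocklist or a retro-hunt over proxy and NetFlow logs.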
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2024 01:28:57.871700048 CEST | 63352 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 22, 2024 01:28:57.976252079 CEST | 53 | 63352 | 1.1.1.1 | 192.168.2.4 |
Apr 22, 2024 01:28:59.079485893 CEST | 53568 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 22, 2024 01:28:59.186819077 CEST | 53 | 53568 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 22, 2024 01:28:57.871700048 CEST | 192.168.2.4 | 1.1.1.1 | 0xa835 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 22, 2024 01:28:59.079485893 CEST | 192.168.2.4 | 1.1.1.1 | 0xfe74 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 22, 2024 01:28:57.976252079 CEST | 1.1.1.1 | 192.168.2.4 | 0xa835 | No error (0) | | | 34.117.186.192 | A (IP address) | IN (0x0001) | false |
Apr 22, 2024 01:28:59.186819077 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe74 | No error (0) | | | 172.67.75.166 | A (IP address) | IN (0x0001) | false |
Apr 22, 2024 01:28:59.186819077 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe74 | No error (0) | | | 104.26.4.15 | A (IP address) | IN (0x0001) | false |
Apr 22, 2024 01:28:59.186819077 CEST | 1.1.1.1 | 192.168.2.4 | 0xfe74 | No error (0) | | | 104.26.5.15 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 34.117.186.192 | 443 | 2896 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 23:28:58 UTC | 237 | OUT | |
2024-04-21 23:28:59 UTC | 513 | IN | |
2024-04-21 23:28:59 UTC | 742 | IN | |
2024-04-21 23:28:59 UTC | 238 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49732 | 172.67.75.166 | 443 | 2896 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-21 23:28:59 UTC | 261 | OUT | |
2024-04-21 23:28:59 UTC | 660 | IN | |
2024-04-21 23:28:59 UTC | 699 | IN | |
2024-04-21 23:28:59 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 01:28:51 |
Start date: | 22/04/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 997'888 bytes |
MD5 hash: | 5F30E027D147AF1DE92391F2E18644C8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:28:52 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 01:28:54 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 01:28:54 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 01:28:55 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 01:28:56 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 01:28:57 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 01:29:00 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 01:29:01 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 01:29:02 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 21 |
Start time: | 01:29:03 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 23 |
Start time: | 01:29:04 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 25 |
Start time: | 01:29:06 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 27 |
Start time: | 01:29:08 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 30 |
Start time: | 01:29:09 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 32 |
Start time: | 01:29:10 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 34 |
Start time: | 01:29:11 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 36 |
Start time: | 01:29:12 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 38 |
Start time: | 01:29:12 |
Start date: | 22/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd00000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Execution Graph
Execution Coverage: | 11.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 19.9% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 132 |
Graph
Function 0045578C Relevance: 82.6, APIs: 39, Strings: 6, Instructions: 3900sleeplibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453C30 Relevance: 68.1, APIs: 33, Strings: 5, Instructions: 1568sleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0049D110 Relevance: 41.6, APIs: 18, Strings: 4, Instructions: 3107registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045504E Relevance: 30.3, APIs: 16, Strings: 1, Instructions: 544sleepsynchronizationthreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004F2870 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 351fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045B010 Relevance: 20.2, APIs: 12, Instructions: 2241COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453E0C Relevance: 20.2, APIs: 9, Strings: 2, Instructions: 911libraryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F27E Relevance: 15.1, APIs: 6, Strings: 2, Instructions: 1141fileCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00516730 Relevance: 12.0, Strings: 9, Instructions: 760COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005209F0 Relevance: 11.3, Strings: 8, Instructions: 1305COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045A5C0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 156sleepCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D5B3 Relevance: 9.4, APIs: 4, Strings: 1, Instructions: 643fileCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040CA55 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 509fileCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0045A790 Relevance: 7.0, APIs: 4, Instructions: 978COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004D0620 Relevance: 6.8, APIs: 4, Instructions: 813fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00454577 Relevance: 6.2, APIs: 4, Instructions: 179windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004479BE Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 408timeCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00551070 Relevance: 4.6, APIs: 3, Instructions: 71COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042C82B Relevance: 4.5, APIs: 3, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0054B990 Relevance: 3.5, APIs: 2, Instructions: 484COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 005041A0 Relevance: 1.9, Strings: 1, Instructions: 621COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043A8BD Relevance: .3, Instructions: 318COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00506920 Relevance: .3, Instructions: 313COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00506DD0 Relevance: .3, Instructions: 294COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00453450 Relevance: .2, Instructions: 220COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score
004E35A0 | 24.5 | 16 | - | 493 | file, COMMON | -1.00%
0043D563 | 17.8 | 9 | 1 | 273 | COMMON, LIBRARYCODE | -1.00%
004431A0 | 12.5 | 6 | 1 | 292 | COMMON, LIBRARYCODE | -1.00%
0040A4B2 | 7.8 | 5 | - | 319 | COMMON | -1.00%
00407D50 | 7.4 | 3 | 1 | 381 | library, loader, network, COMMON | -1.00%
004081E0 | 7.3 | 3 | 1 | 332 | library, loader, network, COMMON | -1.00%
004F2CD0 | 6.1 | 4 | - | 66 | COMMON | -1.00%
00551E30 | 6.1 | 4 | - | 66 | file, COMMON | -1.00%
0040AED5 | 5.5 | 2 | 1 | 225 | file, COMMON | -1.00%
0040C5CC | 5.5 | 2 | 1 | 224 | file, COMMON | -1.00%
0040BDCF | 5.4 | 2 | 1 | 174 | file, COMMON | -1.00%
00447C50 | 5.4 | 1 | 2 | 156 | time, COMMON, LIBRARYCODE | -1.00%
0040C37A | 5.4 | 2 | 1 | 116 | file, COMMON | -1.00%
0040AA6A | 4.7 | 3 | - | 227 | file, COMMON | -1.00%
0043DE79 | 4.5 | 3 | - | 15 | COMMON | -1.00%
0043CFC6 | 3.7 | 1 | 1 | 221 | file, COMMON, LIBRARYCODE | -1.00%
0040B362 | 3.7 | 1 | 1 | 211 | file, COMMON | -1.00%
004D2890 | 3.6 | 2 | - | 560 | COMMON | -1.00%
0041FD60 | 3.3 | 2 | - | 323 | COMMON | -1.00%
004122A0 | 3.2 | 2 | - | 185 | COMMON | -1.00%
00405D90 | 3.0 | 2 | - | 30 | COMMON | -1.00%
004458AA | 3.0 | 2 | - | 22 | memory, COMMON, LIBRARYCODE | -1.00%
004D1860 | 2.0 | 1 | - | 549 | file, COMMON | -1.00%
00425390 | 1.8 | 1 | - | 268 | COMMON | -1.00%
004F3550 | 1.7 | 1 | - | 170 | COMMON | -1.00%
004F3350 | 1.7 | 1 | - | 163 | COMMON | -1.00%
00433692 | 1.7 | 1 | - | 157 | COMMON | -1.00%
004F3750 | 1.6 | 1 | - | 141 | COMMON | -1.00%
004035B0 | 1.6 | 1 | - | 125 | COMMON | -1.00%
00405AD0 | 1.6 | 1 | - | 117 | COMMON | -1.00%
004254C0 | 1.6 | 1 | - | 113 | COMMON | -1.00%
0044550F | 1.6 | 1 | - | 54 | COMMON | -1.00%
00444EEA | 1.5 | 1 | - | 39 | memory, COMMON, LIBRARYCODE | -1.00%
004F1F00 | 1.5 | 1 | - | 35 | COMMON | -1.00%
00445924 | 1.5 | 1 | - | 32 | memory, COMMON, LIBRARYCODE | -1.00%
00405AA0 | 1.5 | 1 | - | 21 | COMMON | -1.00%
00440F65 | 1.5 | 1 | - | 20 | COMMON | -1.00%
00408FE0 | 1.5 | 1 | - | 9 | COMMON | -1.00%
00408FE1 | 1.5 | 1 | - | 8 | COMMON | -1.00%
004D2040 | 1.3 | 1 | - | 33 | sleep, COMMON | -1.00%
004D20B0 | 1.3 | 1 | - | 33 | sleep, COMMON | -1.00%
004D2120 | 1.3 | 1 | - | 33 | sleep, COMMON | -1.00%
004D1F60 | 1.3 | 1 | - | 33 | sleep, COMMON | -1.00%
004D1FD0 | 1.3 | 1 | - | 33 | sleep, COMMON | -1.00%
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score
004F2150 | 31.7 | 17 | 1 | 154 | window, file, COMMON | -1.00%
0052A080 | 23.5 | - | 18 | 970 | COMMON | -1.00%
004DB380 | 17.8 | 8 | 2 | 287 | injection, memory, synchronization, COMMON | -1.00%
004EC100 | 11.0 | 7 | - | 534 | file, COMMON | -1.00%
005233F0 | 10.1 | - | 7 | 1371 | COMMON | -1.00%
00513320 | 7.4 | - | 5 | 1164 | COMMON | -1.00%
0044D3EB | 7.3 | 3 | 1 | 254 | COMMON, LIBRARYCODE | -1.00%
004371F0 | 6.5 | 4 | - | 455 | COMMON | -1.00%
004E2080 | 4.7 | 3 | - | 219 | COMMON | -1.00%
00541180 | 4.5 | - | 3 | 710 | COMMON | -1.00%
00553170 | 3.5 | 2 | - | 465 | COMMON | -1.00%
004D3280 | 3.4 | - | 2 | 927 | COMMON | -1.00%
0043C1FB | 3.0 | 2 | - | 44 | time, COMMON | -1.00%
0054E340 | 1.7 | 1 | - | 167 | COMMON | -1.00%
00547260 | 1.5 | - | 1 | 284 | COMMON | -1.00%
00552230 | 1.5 | - | 1 | 284 | COMMON | -1.00%
004FB0A0 | 0.8 | - | - | 763 | COMMON | -1.00%
004F7290 | 0.7 | - | - | 709 | COMMON | -1.00%
00510140 | 0.7 | - | - | 660 | COMMON | -1.00%
00506210 | 0.4 | - | - | 436 | COMMON | -1.00%
0042A040 | 0.4 | - | - | 394 | COMMON | -1.00%
004FC0A0 | 0.2 | - | - | 189 | COMMON | -1.00%
004351B8 | 0.2 | - | - | 156 | COMMON | -1.00%
005040A0 | 0.1 | - | - | 89 | COMMON | -1.00%
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score
00452273 | 14.1 | 1 | 7 | 147 | COMMON, LIBRARYCODE | -1.00%
00432056 | 12.6 | 3 | 4 | 303 | COMMON, LIBRARYCODE | -1.00%
004463F6 | 10.8 | 7 | - | 329 | COMMON | -1.00%
0041A2A0 | 9.1 | 6 | - | 141 | COMMON | -1.00%
0043E299 | 6.1 | 4 | - | 132 | COMMON | -1.00%
0044A27A | 6.1 | 4 | - | 82 | COMMON | -1.00%
0044B21E | 6.1 | 4 | - | 74 | COMMON | -1.00%
00490040 | 6.0 | 4 | - | 20 | synchronization, thread, COMMON | -1.00%
004323FB | 5.4 | 1 | 2 | 112 | COMMON, LIBRARYCODE | -1.00%
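As the sandbox emits it, each entry of the function listing is a single text line with the tag names fused onto the instruction count (for example "Instructions: 381libraryloadernetworkCOMMON"), wrapped in page widgets such as "APIs |" and "Similarity |". The Python below is an added example and is not part of the Joe Sandbox report or of its IDA plugin: it parses such header lines, splits the fused tags against the tag vocabulary seen in this report (an assumption; the TAG_VOCAB tuple must be extended for reports that use other tags), and pulls out the non-library functions that carry a behaviour tag, which is the short list an analyst opens first in the memory dump. The sample input is constructed from header lines copied from this report, with a little of the surrounding residue left in to show that it is ignored.

```python
import re
from dataclasses import dataclass

# Tag vocabulary as it appears in this report's function listing. The sandbox
# prints the tags fused onto the instruction count ("493fileCOMMON"), so the
# parser splits them greedily against this list (assumption: longest match
# first; extend the tuple if a report uses tags not seen here).
TAG_VOCAB = (
    "COMMON", "LIBRARYCODE", "injection", "synchronization", "library",
    "loader", "network", "memory", "thread", "window", "sleep", "file", "time",
)

# One function header line, e.g.
#   Function 0043D563 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
# APIs and Strings are omitted by the report when they are zero; Relevance
# may be printed without a leading digit (".3").
LINE_RE = re.compile(
    r"^Function (?P<addr>[0-9A-Fa-f]{8}) Relevance: (?P<rel>\d*\.\d+|\d+)"
    r"(?:, APIs: (?P<apis>\d+))?"
    r"(?:, Strings: (?P<strings>\d+))?"
    r", Instructions: (?P<instr>\d+)(?P<tags>[A-Za-z]*)$"
)


@dataclass(frozen=True)
class FunctionEntry:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: tuple


def split_tags(fused: str) -> tuple:
    """Split a fused tag suffix such as 'libraryloadernetworkCOMMON' into its tags."""
    tags = []
    pos = 0
    while pos < len(fused):
        candidates = [t for t in TAG_VOCAB if fused.startswith(t, pos)]
        if not candidates:
            raise ValueError(f"unknown tag fragment: {fused[pos:]!r}")
        best = max(candidates, key=len)
        tags.append(best)
        pos += len(best)
    return tuple(tags)


def parse_listing(text: str) -> list:
    """Parse the 'Function ...' header lines of a Joe Sandbox function listing.

    Lines that are not function headers (the 'APIs |', 'Similarity |' and
    similar widget residue around each entry) are skipped.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(FunctionEntry(
            address=int(m["addr"], 16),
            relevance=float(m["rel"]),
            apis=int(m["apis"] or 0),
            strings=int(m["strings"] or 0),
            instructions=int(m["instr"]),
            tags=split_tags(m["tags"]),
        ))
    return entries


# Behaviour tags worth a closer look before any 'file'-only function:
# injection and thread/sync primitives point at process manipulation, 'sleep'
# at evasion or timing loops, 'loader'/'network' at dynamic import and C2 code.
BEHAVIOUR_TAGS = frozenset({"injection", "sleep", "network", "loader", "thread", "window"})


def triage(entries, min_relevance: float = 0.0) -> list:
    """Return non-library functions carrying a behaviour tag, highest relevance first."""
    hits = [
        e for e in entries
        if "LIBRARYCODE" not in e.tags
        and e.relevance >= min_relevance
        and BEHAVIOUR_TAGS & set(e.tags)
    ]
    return sorted(hits, key=lambda e: (-e.relevance, e.address))


# Constructed excerpt: function header lines copied from this report with a
# little of the surrounding page residue left in to show that it is ignored.
SAMPLE_LISTING = """\
Function 004E35A0 Relevance: 24.5, APIs: 16, Instructions: 493fileCOMMON
APIs |
Memory Dump Source |
Uniqueness Score: -1.00% |
Function 0043D563 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
Function 00407D50 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 381libraryloadernetworkCOMMON
Function 0043A8BD Relevance: .3, Instructions: 318COMMON
Function 004D2040 Relevance: 1.3, APIs: 1, Instructions: 33sleepCOMMON
Function 004DB380 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 287injectionmemorysynchronizationCOMMON
Function 00490040 Relevance: 6.0, APIs: 4, Instructions: 20synchronizationthreadCOMMON
"""

if __name__ == "__main__":
    for e in triage(parse_listing(SAMPLE_LISTING)):
        print(f"{e.address:08X} relevance={e.relevance:<5} tags={','.join(e.tags)}")
```

Run against the sample, triage() returns 004DB380 (injection), 00407D50 (loader/network), 00490040 (thread) and 004D2040 (sleep) in that order, skipping the LIBRARYCODE entry and the functions tagged only file or COMMON. The greedy split is safe for this vocabulary because no tag is a prefix of another; if a future tag list breaks that property, replace it with a backtracking split.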