I43xo3KKfS.exe (initial sample)

Filetype: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy: 7.271127613677151
Filename: I43xo3KKfS.exe
Filesize: 712704
MD5: 70601976ccafcd842cf413a269f70e7c
SHA1: bc582afa67b9000676edf999d1077d9c3d425f94
SHA256: a7d56a398503b0a313f781842427619c39f6d45eef285e2139e8e7e2d7640a6b
SHA512: f106c9106a195b276d4891dd052b73a29ea49938e47d508e1cb93cb33b1f104da8c60b7c8a0b4a359967522cda968bb9eed0e27abbe4620c6769e5100152a66b
SSDEEP: 12288:Vnjrb7cQKwwSjBWBP225wg3Xkspj2P/zs4wOx8FF87Y3Ecgt/0hSiMHXfN:Vnj7hwS1WBP225DnkkqXzsz3RTE0hSiE
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.1.&._A&._A&._A8..A=._A8..A8._A8..AA._A..$A%._A&.^AW._A8..A'._A8..A'._A8..A'._ARich&._A........PE..L.....5f...................

Signature Hits | Behavior Group | Mitre Attack
Antivirus / Scanner detection for submitted sample | AV Detection | Extra Window Memory Injection
Detected unpacking (changes PE section rights) | Data Obfuscation | Extra Window Memory Injection
Detected unpacking (overwrites its own PE header) | Compliance, Data Obfuscation | Extra Window Memory Injection
Multi AV Scanner detection for submitted file | AV Detection |
Found evasive API chain (may stop execution after checking locale) | Malware Analysis System Evasion | Extra Window Memory Injection, Virtualization/Sandbox Evasion
Machine Learning detection for sample | AV Detection |
Sample uses string decryption to hide its real strings | AV Detection |
Searches for specific processes (likely to inject) | HIPS / PFW / Operating System Protection Evasion | Extra Window Memory Injection
Tries to harvest and steal browser information (history, passwords, etc) | Stealing of Sensitive Information | Extra Window Memory Injection
Contains functionality to call native functions | System Summary |
Contains functionality to check if a debugger is running (IsDebuggerPresent) | Anti Debugging |
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging | Anti Debugging | Extra Window Memory Injection
Contains functionality to dynamically determine API calls | Data Obfuscation, Anti Debugging |
Contains functionality to query CPU information (cpuid) | Language, Device and Operating System Detection |
Contains functionality to query locales information (e.g. system language) | Language, Device and Operating System Detection |
Contains functionality to read the PEB | Anti Debugging |
Contains functionality which may be used to detect a debugger (GetProcessHeap) | Anti Debugging | Extra Window Memory Injection
Detected potential crypto function | System Summary | Extra Window Memory Injection
Drops PE files | Persistence and Installation Behavior | Extra Window Memory Injection
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Extensive use of GetProcAddress (often used to hide API calls) | Hooking and other Techniques for Hiding and Protection |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion | Extra Window Memory Injection
Found potential string decryption / allocating functions | System Summary | Extra Window Memory Injection, Deobfuscate/Decode Files or Information
One or more processes crash | System Summary | Extra Window Memory Injection
PE file contains sections with non-standard names | Data Obfuscation | Extra Window Memory Injection
Queries information about the installed CPU (vendor, model number etc) | Language, Device and Operating System Detection |
Queries the volume information (name, serial number etc) of a device | Language, Device and Operating System Detection |
Uses 32bit PE files | Compliance, System Summary |
Uses Microsoft's Enhanced Cryptographic Provider | Cryptography |
Uses code obfuscation techniques (call, push, ret) | Data Obfuscation |
Binary may include packed or encrypted code | Data Obfuscation | Obfuscated Files or Information
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3) | System Summary |
Contains functionality to create a new desktop | Protection of GUI |
Contains functionality to download additional files from the internet | Networking |
Contains functionality to enum processes or threads | System Summary |
Contains functionality to enumerate / list files inside a directory | Spreading, Malware Analysis System Evasion |
Contains functionality to instantiate COM classes | System Summary |
Contains functionality to query local / system time | Language, Device and Operating System Detection | System Information Discovery
Contains functionality to query system information | Malware Analysis System Evasion |
Contains functionality to query the account / user name | Language, Device and Operating System Detection | System Owner/User Discovery
Contains functionality to query time zone information | Language, Device and Operating System Detection |
Contains functionality to register its own exception handler | Anti Debugging |
Creates files inside the user directory | System Summary |
Creates guard pages, often used to prevent reverse engineering and debugging | Anti Debugging |
Enumerates the file system | Spreading, Malware Analysis System Evasion | Extra Window Memory Injection, File and Directory Discovery
PE file has an executable .text section and no other executable section | System Summary | Extra Window Memory Injection
Program exit points | Malware Analysis System Evasion |
Queries a list of all running processes | Malware Analysis System Evasion | Extra Window Memory Injection
Reads software policies | System Summary |
SQL strings found in memory and binary data | System Summary |
Sample is known by Antivirus | System Summary |
Tries to load missing DLLs | System Summary | Extra Window Memory Injection
URLs found in memory or binary data | Networking |
Uses an in-process (OLE) Automation server | System Summary |
Uses new MSVCR Dlls | Compliance, System Summary | Extra Window Memory Injection

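Several of the static hits above (non-standard section names, an executable .text section that is nearly incompressible under zlib, .text being the only executable section, a 32-bit PE, and the 7.27 file entropy reported for the 712704-byte sample) need no sandbox to reproduce. The Python below is an added example written for this page; it is not code from the report, from the sandbox vendor or from the sample. It walks the PE32 section table with the standard library only and recomputes those checks. The report does not say how it computes its "compression ratio"; this example assumes it means the space saving 1 - compressed/original, so that a value below 0.3 means the .text bytes barely compress, which is what packed or encrypted code looks like. The two test images are built in memory by build_pe (a constructed minimal PE32: headers, section table and raw section data, nothing executable), and the list of "standard" section names is an assumption.

```python
import math
import struct
import zlib
from dataclasses import dataclass

IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
PE32_MAGIC = 0x10B
PACKED_THRESHOLD = 0.3  # threshold quoted by the report's signature
# Assumed list of names a normal linker emits; anything else is reported as non-standard.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                     ".pdata", ".reloc", ".rsrc", ".tls", ".CRT", ".debug"}


@dataclass
class Section:
    name: str
    characteristics: int
    raw: bytes

    @property
    def executable(self) -> bool:
        return bool(self.characteristics & (IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_CNT_CODE))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0..8.0: the scale of the report's Entropy field."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def space_saving(data: bytes) -> float:
    """1 - compressed/original; near zero (or negative) means zlib found nothing to remove."""
    return 1.0 - len(zlib.compress(data, 9)) / len(data) if data else 0.0


def parse_sections(pe: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table of an image in memory."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symp, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    magic = struct.unpack_from("<H", pe, coff + 20)[0]   # first field of the optional header
    table, sections = coff + 20 + opt_size, []
    for i in range(nsec):
        f = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)   # one IMAGE_SECTION_HEADER
        name, raw_size, raw_ptr, chars = f[0], f[3], f[4], f[9]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), chars, pe[raw_ptr:raw_ptr + raw_size]))
    return magic, sections


def triage(pe: bytes) -> dict:
    """Reproduce the report's static section checks for one image."""
    magic, sections = parse_sections(pe)
    exec_secs = [s for s in sections if s.executable]
    text = next((s for s in sections if s.name == ".text"), None)
    saving = space_saving(text.raw) if text else None
    return {
        "pe32": magic == PE32_MAGIC,
        "file_entropy": round(shannon_entropy(pe), 3),
        "sections": [s.name for s in sections],
        "nonstandard_sections": [s.name for s in sections if s.name not in STANDARD_SECTIONS],
        "only_text_executable": text is not None and len(exec_secs) == 1 and exec_secs[0] is text,
        "text_space_saving": None if saving is None else round(saving, 3),
        "text_packed": saving is not None and saving < PACKED_THRESHOLD,
    }


def build_pe(sections) -> bytes:
    """Constructed minimal PE32 (DOS stub, COFF + optional header, section table, raw data) for offline tests."""
    opt_size = 0xE0
    raw_base = (0x40 + 4 + 20 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF   # 512-byte file alignment
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)                    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * (opt_size - 2)
    table, blobs, ptr, va = b"", b"", raw_base, 0x1000
    for name, raw, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(raw), va, len(raw), ptr, 0, 0, 0, 0, chars)
        blobs, ptr, va = blobs + raw, ptr + len(raw), va + ((len(raw) + 0xFFF) & ~0xFFF)
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_base, b"\0") + blobs


def noise(n: int, seed: int = 1) -> bytes:
    """Deterministic pseudo-random bytes standing in for packed or encrypted code."""
    out, x = bytearray(), seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0xFFFFFFFF
        out.append(x >> 24)
    return bytes(out)


CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
# Two constructed images: incompressible .text plus an oddly named section, versus ordinary repetitive code.
PACKED_PE = build_pe([(".text", noise(8192), CODE), (".Abc1", noise(4096, seed=7), DATA)])
PLAIN_PE = build_pe([(".text", b"\x55\x8b\xec\x83\xec\x10\x33\xc0\xc9\xc3" * 800, CODE),
                     (".rdata", b"This program cannot be run in DOS mode.\r\n" * 50, DATA)])
```

Call `triage(open(path, "rb").read())` on a real file; `triage(PACKED_PE)` flags `.text` as packed and `.Abc1` as non-standard, while `triage(PLAIN_PE)` flags neither. The section-name and "only .text executable" results should be read together with the unpacking hits above: a packer that rewrites section rights and its own PE header at run time, as the report says this sample does, leaves a clean-looking static layout whose only tell is the incompressible code section.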
File: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_I43xo3KKfS.exe_28bc6b3603f5f8d941a5aba9cef8425f2a398_64f2822e_66db753d-6df9-4199-9577-860096641214\Report.wer
Category: dropped
Dump: Report.wer.13.dr
ID: dr_28
Target ID: 13
Process: C:\Windows\SysWOW64\WerFault.exe
Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy: 1.009700292703866
Encrypted: false
Ssdeep: 192:Zsm4lMAn0GO3LjsqZrP2E8zuiF3+Z24IO8Qe:um4lMA0GO3LjlKzuiFuY4IO8Qe
Size: 65536
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Antivirus / Scanner detection for submitted sample | AV Detection |
Multi AV Scanner detection for submitted file | AV Detection |
Machine Learning detection for sample | AV Detection |
PE file contains sections with non-standard names | Data Obfuscation |
Uses 32bit PE files | Compliance, System Summary |
Binary may include packed or encrypted code | Data Obfuscation | Obfuscated Files or Information
PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3) | System Summary |
PE file has an executable .text section and no other executable section | System Summary |
Sample is known by Antivirus | System Summary |

File: C:\ProgramData\FBAFIIJK
Category: dropped
Dump: FBAFIIJK.0.dr
ID: dr_3
Target ID: 0
Process: C:\Users\user\Desktop\I43xo3KKfS.exe
Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Entropy: 1.136471148832945
Encrypted: false
Ssdeep: 192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
Size: 106496
Whitelisted: false
Reputation: moderate

File: C:\ProgramData\JDGHIIJKEBGIDHIDBKJD
Category: dropped
Dump: JDGHIIJKEBGIDHIDBKJD.0.dr
ID: dr_2
Target ID: 0
Process: C:\Users\user\Desktop\I43xo3KKfS.exe
Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Entropy: 0.8553638852307782
Encrypted: false
Ssdeep: 48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
Size: 40960
Whitelisted: false
Reputation: high

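The two files the sample itself wrote to C:\ProgramData, FBAFIIJK and JDGHIIJKEBGIDHIDBKJD, are SQLite databases under random names, and their Type lines are `file` decoding the 100-byte SQLite header. For both, the reported Size equals database pages times page size (52 x 2048 = 106496 and 20 x 2048 = 40960), and version-valid-for equals the file counter, which is what makes the in-header page count trustworthy. The script below is an added example for this page, not code from the report or the sample: it reads the same header fields, applies that validity rule, opens the file read-only and lists its tables, since the table names are the fastest way to tell a copied browser credential or cookie store from any other SQLite file. The table-name fingerprints and the sample database (built in a temporary directory with real Chromium table and column names but made-up rows) are assumptions for the demonstration; nothing here recovers what the dropped files on this page actually contained.

```python
import os
import sqlite3
import struct
import tempfile
from urllib.request import pathname2url

SQLITE_MAGIC = b"SQLite format 3\x00"
# Assumed fingerprints: a table name that identifies which browser store a copied database came from.
FINGERPRINTS = {"logins": "Chromium Login Data", "cookies": "Chromium Cookies",
                "moz_logins": "Firefox logins", "moz_cookies": "Firefox cookies"}


def parse_sqlite_header(path: str):
    """Decode the 100-byte SQLite header: the fields `file` prints for the dropped databases."""
    with open(path, "rb") as f:
        hdr = f.read(100)
    if len(hdr) < 100 or hdr[:16] != SQLITE_MAGIC:
        return None
    page_size = struct.unpack_from(">H", hdr, 16)[0]          # big-endian; the value 1 encodes 65536
    page_size = 65536 if page_size == 1 else page_size
    file_counter, pages = struct.unpack_from(">II", hdr, 24)   # change counter, database size in pages
    schema_cookie, schema_format = struct.unpack_from(">II", hdr, 40)
    version_valid_for, sqlite_version = struct.unpack_from(">II", hdr, 92)
    # The in-header page count is only valid when version-valid-for equals the change counter.
    pages = pages if version_valid_for == file_counter else None
    return {
        "page_size": page_size,
        "file_counter": file_counter,
        "pages": pages,
        "schema_cookie": schema_cookie,
        "schema_format": schema_format,
        "version_valid_for": version_valid_for,
        "sqlite_version": sqlite_version,
        "size_consistent": pages is not None and os.path.getsize(path) == pages * page_size,
    }


def list_tables(path: str) -> list:
    """Open read-only (never write to evidence) and list the user tables."""
    uri = "file:" + pathname2url(os.path.abspath(path)) + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute("SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
        return [r[0] for r in rows]
    finally:
        conn.close()


def classify(path: str) -> str:
    """Name the browser store a database looks like, or 'unknown sqlite' / 'not sqlite'."""
    if parse_sqlite_header(path) is None:
        return "not sqlite"
    for table in list_tables(path):
        if table in FINGERPRINTS:
            return FINGERPRINTS[table]
    return "unknown sqlite"


def make_sample_login_data(path: str) -> None:
    """Constructed stand-in for a copied Chromium 'Login Data' file: real table and column
    names, reduced schema, made-up rows. Not a real browser profile."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA page_size=2048")   # the page size of the dropped files above
    conn.execute("CREATE TABLE meta (key TEXT PRIMARY KEY, value TEXT)")
    conn.execute("CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)")
    conn.execute("INSERT INTO logins VALUES (?, ?, ?)",
                 ("https://example.test/login", "alice", b"v10" + b"\x00" * 12))
    conn.commit()
    conn.close()


def run_demo() -> dict:
    """Build the sample in a temp dir, then triage it and a non-SQLite decoy."""
    tmp = tempfile.mkdtemp()
    db = os.path.join(tmp, "FBAFIIJK")          # random-looking name, like the dropped files
    decoy = os.path.join(tmp, "chrome.dll")
    make_sample_login_data(db)
    with open(decoy, "wb") as f:
        f.write(b"MZ" + b"\0" * 200)
    return {
        "header": parse_sqlite_header(db),
        "tables": list_tables(db),
        "label": classify(db),
        "decoy_label": classify(decoy),
    }
```

On a dropped file from a real run, call `parse_sqlite_header(path)` first: a page count that is None or a size that does not match pages x page size means the copy was truncated or taken mid-write, and `list_tables` may then fail or return a partial schema. Work on a copy of the evidence; the `mode=ro` URI only stops the script from writing, not the journal recovery SQLite may attempt on open.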
File: C:\ProgramData\Microsoft\Windows\WER\Temp\WER8540.tmp.dmp
Category: dropped
Dump: WER8540.tmp.dmp.13.dr
ID: dr_25
Target ID: 13
Process: C:\Windows\SysWOW64\WerFault.exe
Type: Mini DuMP crash report, 14 streams, Thu Oct 31 08:07:31 2024, 0x1205a4 type
Entropy: 2.0090869836483267
Encrypted: false
Ssdeep: 384:Hl3GZZd9CU7gEGickJt4aCPoHV3Wv/rYDsrPYoda3uApm1erCnMxjtHY2OC1:F2Td9CIgE5LOacCmX+oT1x2d1
Size: 129602
Whitelisted: false
Reputation: timeout

File: C:\ProgramData\Microsoft\Windows\WER\Temp\WER866A.tmp.WERInternalMetadata.xml
Category: dropped
Dump: WER866A.tmp.WERInternalMetadata.xml.13.dr
ID: dr_26
Target ID: 13
Process: C:\Windows\SysWOW64\WerFault.exe
Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Entropy: 3.703488338023757
Encrypted: false
Ssdeep: 192:R6l7wVeJKv6h96Y2DNSU6Qgmfx44IpDG89bCYwsfBsum:R6lXJ66b6YgSU6Qgmfx44qCYDfG3
Size: 8360
Whitelisted: false
Reputation: timeout

File: C:\ProgramData\Microsoft\Windows\WER\Temp\WER869A.tmp.xml
Category: dropped
Dump: WER869A.tmp.xml.13.dr
ID: dr_27
Target ID: 13
Process: C:\Windows\SysWOW64\WerFault.exe
Type: XML 1.0 document, ASCII text, with CRLF line terminators
Entropy: 4.490726400957015
Encrypted: false
Ssdeep: 48:cvIwWl8zsyJg77aI9VSWpW8VYrYm8M4JmH/FlWq+q8s4bPOFWed:uIjfAI7jz7V7J+WqMWWed
Size: 4595
Whitelisted: false
Reputation: timeout

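The WER artifacts in this report (Report.wer under ReportQueue\AppCrash_I43xo3KKfS.exe_..., the WER8540.tmp.dmp minidump and the two WER*.tmp XML files) were written by WerFault.exe, Target ID 13, after the sample crashed, which is what the "One or more processes crash" signature records; the report attributes Amcache.hve to that same process. Report.wer is the quickest of them to read: a UTF-16 text file of key=value lines. The parser below is an added example for this page, not code from the report or from Microsoft. Its sample report is constructed in the key=value layout WER writes for APPCRASH reports; only the sample path C:\Users\user\Desktop\I43xo3KKfS.exe is taken from this page, while the exception code, offset, timestamps, OS version and module list are made up. The `module_was_loaded` check is included because the report says the dropped chrome.dll was never started or loaded; the LoadedModule list of a real Report.wer is one place to confirm that for the crashed process.

```python
import re

# Constructed Report.wer body in the key=value layout WER writes for APPCRASH reports
# (UTF-16LE with BOM, CRLF). Only the sample path comes from the report; all other values are made up.
SAMPLE_REPORT_WER = ("\ufeff" + "\r\n".join([
    "Version=1",
    "EventType=APPCRASH",
    "EventTime=133750000000000000",
    "ReportType=2",
    "Consent=1",
    "Sig[0].Name=Application Name",
    "Sig[0].Value=I43xo3KKfS.exe",
    "Sig[1].Name=Application Version",
    "Sig[1].Value=0.0.0.0",
    "Sig[3].Name=Fault Module Name",
    "Sig[3].Value=I43xo3KKfS.exe",
    "Sig[6].Name=Exception Code",
    "Sig[6].Value=c0000005",
    "Sig[7].Name=Exception Offset",
    "Sig[7].Value=00012345",
    "DynamicSig[1].Name=OS Version",
    "DynamicSig[1].Value=10.0.19045.2.0.0.256.48",
    "DynamicSig[2].Name=Locale ID",
    "DynamicSig[2].Value=1033",
    "UI[2]=C:\\Users\\user\\Desktop\\I43xo3KKfS.exe",
    "LoadedModule[0]=C:\\Users\\user\\Desktop\\I43xo3KKfS.exe",
    "LoadedModule[1]=C:\\Windows\\SYSTEM32\\ntdll.dll",
    "FriendlyEventName=Stopped working",
    "AppName=I43xo3KKfS.exe",
    "AppPath=C:\\Users\\user\\Desktop\\I43xo3KKfS.exe",
    "",
])).encode("utf-16-le")

SIG_RE = re.compile(r"^(Sig|DynamicSig)\[(\d+)\]\.(Name|Value)$")
MODULE_RE = re.compile(r"^LoadedModule\[(\d+)\]$")


def parse_wer(data: bytes) -> dict:
    """Flat key -> value map. The 'utf-16' codec consumes the BOM Report.wer starts with."""
    fields = {}
    for line in data.decode("utf-16").splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def summarize_wer(data: bytes) -> dict:
    """What an analyst wants from a crash report: which process crashed, where, and what was mapped."""
    fields = parse_wer(data)
    pairs, modules = {}, []
    for key, value in fields.items():
        m = SIG_RE.match(key)
        if m:
            kind, idx, part = m.groups()
            pairs.setdefault((kind, int(idx)), {})[part] = value   # join Sig[n].Name with Sig[n].Value
        m = MODULE_RE.match(key)
        if m:
            modules.append((int(m.group(1)), value))
    signatures = {p["Name"]: p.get("Value") for p in pairs.values() if "Name" in p}
    return {
        "event_type": fields.get("EventType"),
        "app_name": fields.get("AppName"),
        "app_path": fields.get("AppPath"),
        "fault_module": signatures.get("Fault Module Name"),
        "exception_code": signatures.get("Exception Code"),
        "exception_offset": signatures.get("Exception Offset"),
        "signatures": signatures,
        "loaded_modules": [v for _, v in sorted(modules)],
    }


def module_was_loaded(summary: dict, basename: str) -> bool:
    """True if a DLL with this file name appears in the crash-time module list (case-insensitive)."""
    return any(m.lower().endswith("\\" + basename.lower()) for m in summary["loaded_modules"])
```

For a file taken from a host, `summarize_wer(open(path, "rb").read())` is enough; the fault module plus exception offset then tell you where to set a breakpoint when you open the matching WER*.tmp.dmp minidump in a debugger.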
File: C:\ProgramData\chrome.dll
Category: dropped
Dump: chrome.dll.0.dr
ID: dr_1
Target ID: 0
Process: C:\Users\user\Desktop\I43xo3KKfS.exe
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy: 6.304379785339226
Encrypted: false
Ssdeep: 12288:Kk5nGNLFzxC+gej5yNcTN+pt+tLK75PL2rn65hYVKKuKOvy/j3t:KMGNL/geFyNcTN+jv75TQn652VBuNyb
Size: 692736
Whitelisted: false
Reputation: timeout

Signature Hits | Behavior Group | Mitre Attack
Drops PE files | Persistence and Installation Behavior |
Drops PE files to the application program directory (C:\ProgramData) | Persistence and Installation Behavior |
Found dropped PE file which has not been started or loaded | Malware Analysis System Evasion |

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8b6d5c38-7013-4935-b302-a38391baefe8.tmp
Category: modified
Dump: 8b6d5c38-7013-4935-b302-a38391baefe8.tmp.8.dr
ID: dr_21
Target ID: 8
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.095687742358456
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kW2hi1zNtFVGF965uDPCPrYKJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynm8LKtSmd6qE7lFoC
Size: 44910
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\946f95c7-b468-4ea4-8fc5-c980224918a7.tmp
Category: dropped
Dump: 946f95c7-b468-4ea4-8fc5-c980224918a7.tmp.7.dr
ID: dr_15
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.095954788719888
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kW2hi1zNtFVGFNFXN5gxVfpFKJDSgzMMd6qD47u3+CO:+/Ps+wsI7ynm8iFKtSmd6qE7lFoC
Size: 44902
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\9b7e0c63-8a8f-4c13-826a-79e2e534c269.tmp
Category: dropped
Dump: 9b7e0c63-8a8f-4c13-826a-79e2e534c269.tmp.8.dr
ID: dr_20
Target ID: 8
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.095687742358456
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kW2hi1zNtFVGF965uDPCPrYKJDSgzMMd6qD47u3+CiB:+/Ps+wsI7ynm8LKtSmd6qE7lFoC
Size: 44910
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67233AB9-1F04.pma
Category: dropped
Dump: BrowserMetrics-67233AB9-1F04.pma.8.dr
ID: dr_22
Target ID: 8
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: data
Entropy: 0.044569672879916054
Encrypted: false
Ssdeep: 192:IwL0m5tmRnOAtqYCEJgA8x5XSggykfhbNNETUIY/0TQs8rRN/n8y08Tcm2RGOdB:VL0UteMEgk9hZ9W4rj08T2RGOD
Size: 4194304
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Category: dropped
Dump: settings.dat.7.dr
ID: dr_11
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: data
Entropy: 4.0984945491284295
Encrypted: false
Ssdeep: 3:FiWWltlcUpPmPIijS3XbnbO6YBVP/Sh/JzvbYuDRBOc7cEJHCll:o1cUh4Y3LbO/BVsJDbYuDRBOycd
Size: 280
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version
Category: dropped
Dump: Last Version.7.dr
ID: dr_14
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: ASCII text, with no line terminators
Entropy: 2.6612262562697895
Encrypted: false
Ssdeep: 3:NYLFRQZ:ap2Z
Size: 13
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)
Category: dropped
Dump: e19c6e1c-b08f-4fbe-97b7-037000527258.tmp.7.dr
ID: dr_17
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.089784100016918
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kWldi1zNtPMSkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynndkzItSmd6qE7lFoC
Size: 44455
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38c14.TMP (copy)
Category: dropped
Dump: e19c6e1c-b08f-4fbe-97b7-037000527258.tmp.7.dr
ID: dr_18
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.089784100016918
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kWldi1zNtPMSkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynndkzItSmd6qE7lFoC
Size: 44455
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38d8b.TMP (copy)
Category: dropped
Dump: e19c6e1c-b08f-4fbe-97b7-037000527258.tmp.7.dr
ID: dr_23
Target ID: 8
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.089784100016918
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kWldi1zNtPMSkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynndkzItSmd6qE7lFoC
Size: 44455
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38d9b.TMP (copy)
Category: dropped
Dump: e19c6e1c-b08f-4fbe-97b7-037000527258.tmp.7.dr
ID: dr_24
Target ID: 8
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.089784100016918
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kWldi1zNtPMSkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynndkzItSmd6qE7lFoC
Size: 44455
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF38dba.TMP (copy)
Category: dropped
Dump: e19c6e1c-b08f-4fbe-97b7-037000527258.tmp.7.dr
ID: dr_19
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.089784100016918
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kWldi1zNtPMSkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynndkzItSmd6qE7lFoC
Size: 44455
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations
Category: dropped
Dump: Variations.7.dr
ID: dr_12
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 4.3488360343066725
Encrypted: false
Ssdeep: 3:YQ3JYq9xSs0dMEJAELJ25AmIpozQp:YQ3Kq9X0dMgAEiLIj
Size: 85
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\a0592f6d-518e-43c4-b6c0-7165d2616047.tmp
Category: modified
Dump: a0592f6d-518e-43c4-b6c0-7165d2616047.tmp.7.dr
ID: dr_16
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.095954788719888
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kW2hi1zNtFVGFNFXN5gxVfpFKJDSgzMMd6qD47u3+CO:+/Ps+wsI7ynm8iFKtSmd6qE7lFoC
Size: 44902
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e19c6e1c-b08f-4fbe-97b7-037000527258.tmp
Category: dropped
Dump: e19c6e1c-b08f-4fbe-97b7-037000527258.tmp.7.dr
ID: dr_13
Target ID: 7
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Type: JSON data
Entropy: 6.089784100016918
Encrypted: false
Ssdeep: 768:+DXzgWPsj/qlGJqIY8GB4kWldi1zNtPMSkzZ7okEt9r1JDSgzMMd6qD47u3+CioC:+/Ps+wsI7ynndkzItSmd6qE7lFoC
Size: 44455
Whitelisted: false
Reputation: timeout

File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\json[1].json
Category: dropped
Dump: json[1].json.0.dr
ID: dr_0
Target ID: 0
Process: C:\Users\user\Desktop\I43xo3KKfS.exe
Type: JSON data
Entropy: 5.377356320537378
Encrypted: false
Ssdeep: 48:SfNaoQhTEQs/fNaoQI3nQISfNaoQ0u/Q0tfNaoQMr0UrU0U8QF:6NnQhTEQsXNnQI3nQI6NnQhQkNnQq0Um
Size: 1787
Whitelisted: false
Reputation: timeout

File: C:\Windows\appcompat\Programs\Amcache.hve
Category: dropped
Dump: Amcache.hve.13.dr
ID: dr_29
Target ID: 13
Process: C:\Windows\SysWOW64\WerFault.exe
Type: MS Windows registry file, NT/2000 or above
Entropy: 4.468572938026923
Encrypted: false
Ssdeep: 6144:uzZfpi6ceLPx9skLmb0flZWSP3aJG8nAgeiJRMMhA2zX4WABluuNxjDH5S:wZHtlZWOKnMM6bFpvj4
Size: 1835008
Whitelisted: false
Reputation: timeout

File: Chrome Cache Entry: 79
Category: downloaded
Dump: chromecache_79.5.dr
ID: dr_30
Target ID: 5
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Type: ASCII text, with very long lines (5162), with no line terminators
Entropy: 5.3503139230837595
Encrypted: false
Ssdeep: 96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
Size: 5162
Whitelisted: false
Reputation: timeout

File: Chrome Cache Entry: 80
Category: downloaded
Dump: chromecache_80.5.dr
ID: dr_31
Target ID: 5
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Type: ASCII text, with very long lines (2287)
Entropy: 5.555305495625512
Encrypted: false
Ssdeep: 3072:i7bpK2pOwPnpW+DsZDbnjuBv5Vjq3B30GSK20YOA2ZPnpm6UzDnI13o2Mn5Pz5R3:i7bzO6I+DsZDDjuBv5Vjq3B30GSXOA24
Size: 178061
Whitelisted: false
Reputation: timeout

File: Chrome Cache Entry: 81
Category: downloaded
Dump: chromecache_81.5.dr
ID: dr_32
Target ID: 5
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Type: Unicode text, UTF-8 text, with very long lines (5438)
Entropy: 5.805818210652437
Encrypted: false
Ssdeep: 96:uXqlitH6666te3H9M14e6O/yBME/+LhTdGPGjzttEg5clmjW+3mTHuRSffQffo:xEH6666t6O14eJAITd4uzAdlm334H3
Size: 5444
Whitelisted: false
Reputation: timeout

File: Chrome Cache Entry: 82
Category: downloaded
Dump: chromecache_82.5.dr
ID: dr_33
Target ID: 5
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Type: ASCII text
Entropy: 3.9353986674667634
Encrypted: false
Ssdeep: 3:VQAOx/1n:VQAOd1n
Size: 29
Whitelisted: false
Reputation: timeout

File: Chrome Cache Entry: 83
Category: downloaded
Dump: chromecache_83.5.dr
ID: dr_34
Target ID: 5
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Type: ASCII text, with very long lines (65531)
Entropy: 5.43691224084031
Encrypted: false
Ssdeep: 3072:2PKvjxd0QniyZ+qQf4VBNQ0pq+vx7U+OUaKszQ:EKvv0yTVBNQ0pdvxI+ORQ
Size: 133778
Whitelisted: false
Reputation: timeout

File: Chrome Cache Entry: 84
Category: downloaded
Dump: chromecache_84.5.dr
ID: dr_35
Target ID: 5
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Type: ASCII text, with very long lines (1302)
Entropy: 5.4843553913091005
Encrypted: false
Ssdeep: 3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
Size: 117949
Whitelisted: false
Reputation: timeout

File: Chrome Cache Entry: 85
Category: downloaded
Dump: chromecache_85.5.dr
ID: dr_36
Target ID: 5
Process: C:\Program Files\Google\Chrome\Application\chrome.exe
Type: SVG Scalable Vector Graphics image
Entropy: 4.301517070642596
Encrypted: false
Ssdeep: 48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
Size: 1660
Whitelisted: false
Reputation: timeout