Edit tour
Windows
Analysis Report
driverfixwebdl-8986694551.exe
Overview
General Information
| Sample Name: | driverfixwebdl-8986694551.exe |
| Analysis ID: | 648963 |
| MD5: | bb1d489eb833e8ea9c35ae9ab043e619 |
| SHA1: | 7a0c432b79c2e723c14f0d721a2dee3d29a29299 |
| SHA256: | 0b252685009906aa54b8bc36fa8cb3322a59badfcc5853fc60bfdf2914ee2f0c |
| Infos: |  |
 | |
Detection
| Score: | 32 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 0% |
Compliance
| Score: | 5 |
| Range: | 0 - 100 |
Signatures
Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Uses insecure TLS / SSL version for HTTPS connection
EXE planting / hijacking vulnerabilities found
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
PE file contains more sections than normal
Contains functionality to retrieve information about pressed keystrokes
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to shutdown / reboot the system
PE file contains sections with non-standard names
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
DLL planting / hijacking vulnerabilities found
Sample file is different than original file name gathered from version info
Installs a global mouse hook
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to detect sandboxes (mouse cursor move detection)
Classification
Analysis Advice
| Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
| Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook |
| Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
| Sample may be VM or Sandbox-aware, try analysis on a native machine |
| Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior |
| Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
| Sample searches for specific file, try point organization specific fake files to the analysis machine |
| Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook |
- System is start
driverfixwebdl-8986694551.exe (PID: 6852 cmdline: "C:\Users\ user\Deskt op\driverf ixwebdl-89 86694551.e xe" MD5: BB1D489EB833E8EA9C35AE9AB043E619) 
cmd.exe (PID: 4076 cmdline: cmd /C tas klist /FI "IMAGENAME eq Driver Fix.exe" > C:\Users\ user\AppDa ta\Local\T emp\IsProc essActive. txt MD5: 4943BA1A9B41D69643F69685E35B2943) - conhost.exe (PID: 7920 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F) 
tasklist.exe (PID: 3672 cmdline: tasklist / FI "IMAGEN AME eq Dri verFix.exe " MD5: F8D74B8779B1C59977779109410C8F4F) - DriverFix.exe (PID: 6388 cmdline:
"C:\Progra m Files (x 86)\Driver Fix\Driver Fix.exe" - wait 0 MD5: A1BD982107C6435DFE7E0199A1BE7570)
- DriverFix.exe (PID: 8092 cmdline:
"C:\Progra m Files (x 86)\Driver Fix\Driver Fix.exe" MD5: A1BD982107C6435DFE7E0199A1BE7570)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security | ||
| Click to see the 1 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
| Source: | EXE: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
Compliance |   |
|---|
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | EXE: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | DLL: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Code function: | 2_2_00406436 | |
| Source: | Code function: | 2_2_00406DFC | |
| Source: | Code function: | 2_2_00402E18 | |
| Source: | Code function: | 15_2_02460F70 | |
| Source: | Code function: | 15_2_024CC2E8 | |
| Source: | Code function: | 15_2_024CC030 | |
| Source: | Code function: | 15_2_0244A0F4 | |
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Code function: | 2_2_00404605 | |
| Source: | Code function: | 2_2_0040522D | |
| Source: | Windows user hook set: | Jump to behavior | ||
| Source: | Code function: | 2_2_0040761C | |
| Source: | Code function: | 2_2_00407033 | |
| Source: | Code function: | 2_2_00404ADC | |
| Source: | Code function: | 15_2_02442350 | |
| Source: | Code function: | 15_2_0244636C | |
| Source: | Code function: | 15_2_024743A0 | |
| Source: | Code function: | 15_2_024C85A4 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 2_2_004039E3 | |
| Source: | Code function: | ||
| Source: | Code function: | 15_2_024B020E | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Binary string: | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Code function: | 15_2_0245C3D0 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Process created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 2_2_004024FB | |
| Source: | Code function: | 2_2_00404605 | |
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 14_1_0047F640 | |
| Source: | Code function: | 15_2_024583F5 | |
| Source: | Code function: | 15_2_024D56E9 | |
| Source: | Code function: | 15_2_024D5D1C | |
| Source: | Code function: | 15_2_024D5D9C | |
| Source: | Code function: | 15_2_0246C2C3 | |
| Source: | Code function: | 15_2_024B02C4 | |
| Source: | Code function: | 15_2_024A0205 | |
| Source: | Code function: | 15_2_0247E38E | |
| Source: | Code function: | 15_2_0249C388 | |
| Source: | Code function: | 15_2_024B43F1 | |
| Source: | Code function: | 15_2_024D60E3 | |
| Source: | Code function: | 15_2_02456132 | |
| Source: | Code function: | 15_2_02456132 | |
| Source: | Code function: | 15_2_024A0188 | |
| Source: | Code function: | 15_2_02450134 | |
| Source: | Code function: | 15_2_024A41E8 | |
| Source: | Code function: | 15_2_02458651 | |
| Source: | Code function: | 15_2_0249C62C | |
| Source: | Code function: | 15_2_0244866E | |
| Source: | Code function: | 15_2_02458771 | |
| Source: | Code function: | 15_2_024A8822 | |
| Source: | Code function: | 15_2_024B6821 | |
| Source: | Code function: | 15_2_024CA822 | |
| Source: | Code function: | 15_2_024CA7DC | |
| Source: | Code function: | 15_2_024587B5 | |
| Source: | Code function: | 15_2_024CC42C | |
| Source: | Code function: | 15_2_024B64F4 | |
| Source: | Code function: | 15_2_024D04C0 | |
| Source: | Code function: | 15_2_024A25B8 | |
| Source: | Code function: | 15_2_024C6598 | |
| Source: | Code function: | 2_2_0040645D | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Code function: | 15_2_0246C4CC | |
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Last function: | ||
| Source: | Evasive API call chain: | graph_15-15355 | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Code function: | 15_2_024A86EC | |
| Source: | Code function: | 15_2_0247AA48 | |
| Source: | API call chain: | graph_15-15292 | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_00406436 | |
| Source: | Code function: | 2_2_00406DFC | |
| Source: | Code function: | 2_2_00402E18 | |
| Source: | Code function: | 15_2_02460F70 | |
| Source: | Code function: | 15_2_024CC2E8 | |
| Source: | Code function: | 15_2_024CC030 | |
| Source: | Code function: | 15_2_0244A0F4 | |
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | File Volume queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_0040645D | |
| Source: | Code function: | 15_2_024A86EC | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 15_2_02446AE4 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 2_2_00406966 | |
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 41 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 21 Input Capture | 3 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | 2 Native API | 2 DLL Search Order Hijacking | 2 DLL Search Order Hijacking | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 326 System Information Discovery | Remote Desktop Protocol | 21 Input Capture | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 21 Obfuscated Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | 11 Registry Run Keys / Startup Folder | 11 Process Injection | 11 Software Packing | NTDS | 521 Security Software Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | 11 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 DLL Search Order Hijacking | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 2 Masquerading | DCSync | 11 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 11 Process Injection | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3% | Metadefender | Browse | ||
| 8% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 4% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 4% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 4% | ReversingLabs | |||
| 4% | ReversingLabs | |||
| 3% | Metadefender | Browse | ||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| t.driverfix.com | 166.78.85.190 | true | false | unknown | |
| driverfix.com | 18.205.82.188 | true | false | unknown | |
| driverfix-prod-web-1395277531.us-east-1.elb.amazonaws.com | 52.207.156.224 | true | false | high | |
| cdn.driverfix.com | unknown | unknown | false | unknown | |
| www.driverfix.com | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown | |
| false |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| low | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 18.205.82.188 | driverfix.com | United States | 14618 | AMAZON-AESUS | false | |
| 166.78.85.190 | t.driverfix.com | United States | 19994 | RACKSPACEUS | false | |
| 52.207.156.224 | driverfix-prod-web-1395277531.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false |
| Joe Sandbox Version: | 35.0.0 Citrine |
| Analysis ID: | 648963 |
| Start date and time: 20/06/202217:57:42 | 2022-06-20 17:57:42 +02:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 10m 57s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | driverfixwebdl-8986694551.exe |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Number of analysed new started processes analysed: | 19 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | SUS |
| Classification: | sus32.evad.winEXE@9/102@12/3 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: | Failed |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 69.16.175.42, 69.16.175.10
- Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, cds.m3t5h2g3.hwcdn.net, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, slscr.update.microsoft.com, login.live.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, nexusrules.officeapps.live.com, arc.msn.com
- Execution Graph export aborted for target DriverFix.exe, PID 6388 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: driverfixwebdl-8986694551.exe
| Time | Type | Description |
|---|---|---|
| 17:59:30 | API Interceptor |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| RACKSPACEUS | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| AMAZON-AESUS | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
⊘No context
⊘No context
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 25313536 |
| Entropy (8bit): | 6.807030627753541 |
| Encrypted: | false |
| SSDEEP: | 196608:Z0po/J9NG1LmJSdRrEKmpcq2flhxd3atAvl5BY1gxes70A79qzzdgggtDhnEL+hu:SG/J61R/aAqNgxhA3zGggHE1J |
| MD5: | A1BD982107C6435DFE7E0199A1BE7570 |
| SHA1: | 7C8FCA8A2A1FBA0349B86556738ABD66B4AFE74D |
| SHA-256: | 4C0433C46A2FFA14D33CBF9F5D3DF5393FDEE609150BBE9A0768241F8A36255D |
| SHA-512: | 0243178D448835BFAAF242F0880C8125C1A1B612A682A96D48A4EA11D647C56FF61787722628014E036A106CCC6F601B9175FAED6EBF64960EC7AC327D4AF96B |
| Malicious: | true |
| Yara Hits: |
|
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50 |
| Entropy (8bit): | 4.623465189601647 |
| Encrypted: | false |
| SSDEEP: | 3:HRAbABGQYm/0S4aWQ4y:HRYFVm/r4y4y |
| MD5: | 0765DC0E97C08C7526B15A43C08B4EBA |
| SHA1: | AE0492539557076D5803D8021A6EEB98118C1576 |
| SHA-256: | B4642EF3392A09BB43F9624B816B2F53FAB743406579E100BC9159B80BC1C4CA |
| SHA-512: | 12C621C88D0609CB1DB0E601C6066A8E2F71AE2AAECC6276AD15156F6447E27739BBB71673E62EE8076CA73ED0850F6375B42BB6FEFBC74A85B67E0B6084D79D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 114588 |
| Entropy (8bit): | 5.950191699592087 |
| Encrypted: | false |
| SSDEEP: | 3072:KPOwuRKsNJthXK3WsHmpbWlJGBVrfRV2xqKLE2fFBum0/3lZbi+QQQQQKS:KPMC8SxqKLEy |
| MD5: | 77D353744697C77955F9BACC7F3ED90A |
| SHA1: | 573229CBC4622190A38ADFF3D906E0C1466802BD |
| SHA-256: | 8B32BC539CA95DDA2D2206A43234B5F3B0FE964BD25966C860BC80EC7F06D702 |
| SHA-512: | A4252208B0CB258F249B6826A1ED920B8CB67ECC57DA60333812F3515E5B351C739CE5640E9715D9725E4946693306DAD6BA1CAB40F7BDBE006B113EDD5F41BC |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 111616 |
| Entropy (8bit): | 5.983778293335529 |
| Encrypted: | false |
| SSDEEP: | 1536:p4waKhBCYALFqzW3k2+OpmFNZbtTsCJ2O00gT2Qr6QS026z2iAAbODAh/:GwOgz2k4idJ2OhgTbrcybP/ |
| MD5: | 6C522F09EFC8B83271666585F9FC6BF0 |
| SHA1: | CE2095485C0274ED904E096B80448BC48F56C3BD |
| SHA-256: | 09660C19F1773A761B2E56A05B666813DFD6E6196B4AD9D85FF881F29A30E839 |
| SHA-512: | 8F25D2665E30B424DB930ABCBA0784B2B66DC1513833801524DFB213B574D3D4268D187814FBD228337C1EFEF6BA6AB7135A002CAB7FF09C1DD8BD226E28DAF4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 121788 |
| Entropy (8bit): | 6.037691185917485 |
| Encrypted: | false |
| SSDEEP: | 1536:Vq4wad5AcRreeCo3s7VVc9lZKuDUlURVDXKMM9my0D4YEHdiBSdRRsEbHIG12724:V3wCR5Cz7g9lZtwWRVCtTHdiYHTIh |
| MD5: | 44DFE8CC676882243911A3197A50169E |
| SHA1: | C330D59F3E64E07A2571C2BA4F4109B20A168F69 |
| SHA-256: | 14F7DE6B616950395062902EB8F70F01C0A901223DB5D40F2A05728AC4A830F6 |
| SHA-512: | 6C07F27F63408932138D5D5AA048793371F28EEF16521DDA4180BFBF33A5E69860B87E01C24CE53C85E66F5D07075B25AC1FF33AA5709486A0921BC19AEA9A58 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 120312 |
| Entropy (8bit): | 6.031445733585841 |
| Encrypted: | false |
| SSDEEP: | 3072:Cwi7dhZmpq2eWNyiavI78aiQBqPssssspzQIDQfe/:D2jQjeWNh7bqssssspo4 |
| MD5: | 1BA4767EE37AAB7E8D34FC339C3538CC |
| SHA1: | 2007F546660221940E9DC6B9A3CAE9B72FBE17AF |
| SHA-256: | 2101C00B9C973A666BF128B3A776A45DF7107BD29116079EE00541A8863D50CE |
| SHA-512: | 1701E2A7596748801C5A5B74DBB5E9948BD7D862988C273E4EE746DF29833BFB9E73BDEDDA0557C10250005A1B200C5ED702C7693F5D37376392D5EF1C3E397D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 115316 |
| Entropy (8bit): | 6.055113603904019 |
| Encrypted: | false |
| SSDEEP: | 3072:OX84kE1mqnhiiGX1Vkuc4uo3plHxFF0oBKkz:Os4kNqhnG4/obF7T |
| MD5: | DB15AC7981B2D2897D1A3C22892B5A51 |
| SHA1: | FA540E486CE62D6883201B0A545C4FACF2511253 |
| SHA-256: | 01EF8D755F412A945AA0B1221BFE98852200B549C4F16AAD377E49937A30BD2F |
| SHA-512: | B0036DFA1938B9E001A67A241358221FC3A805DAAB61C26EA00FA9C0FF5EACBC38EBF4536DDE74F72B32189A7A7721ED3C4CA69C703995DD9C55AA044C66705F |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 91460 |
| Entropy (8bit): | 6.009120867809845 |
| Encrypted: | false |
| SSDEEP: | 1536:qEP64g1WnZMwFbXkp3v8L1ZhzGGdY1VwJcjozWIzE9URfWrqmVlQAlpAFVd8ySJx:7Fg1rwFbL1zi0Y1VwJcjoq3aKFVbGFTu |
| MD5: | A567F4A8E101CB600004E09526A1A170 |
| SHA1: | 4E75EBFF548EF432BC417E8686D52FFB7C9CBE35 |
| SHA-256: | 95A84782E0797D27D079D9CC6AB9BB24EA67558953099BF4481C08E95B2AE70A |
| SHA-512: | 2D92A4FDF72F86F45044BE2A2F9D90A09CAB568BF02F79DB134A1B8F940D61AC500FB888136D902A6A16E12C0767F56EDB49EAC741D4730344BC4E7B81098A57 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118352 |
| Entropy (8bit): | 6.041382213433709 |
| Encrypted: | false |
| SSDEEP: | 3072:SwCRbQGhMJ3eehZRVFckGYSEDdb/fNuue/:TGYDLpDZDw |
| MD5: | 56C4CB26FD6A48B9C0EBCC07B376EE38 |
| SHA1: | E4CEA8035A258A869A6139FBF74E6D0C247BD49B |
| SHA-256: | 1A63DDA1D2F019336E934E41D7FFA8F3E5F4CEE0EB6A0C4734827DBE09CE5015 |
| SHA-512: | 4528F40A06E28709FA301E2DD3B6BE26F075926F0983C3053D4ED83B892880E089792CAFF1348DD0D97C5FF92A3346E504A2B0A7D12D96B2232692BC08A3DFF0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 122524 |
| Entropy (8bit): | 6.027315404114728 |
| Encrypted: | false |
| SSDEEP: | 3072:A9r4kNemwt5uwwImc4m+IyMAzpGzmjsUmVFRYGxTNKswDIg44+PIJmront+Z9nn8:Ad4k2jlOGGseMKD |
| MD5: | 5B761F2D1E4259EA6AC7AB3EBF7F3C49 |
| SHA1: | 6EB95108FEF81BD8CFBF7E20D4CA0634E5989019 |
| SHA-256: | 05903540A0675491FDA9015A78C05BB589769951BEFAB12A58A5568175566B49 |
| SHA-512: | EFD53F275C701A2AA89068455F9A86F926CB73EACC45E3AB9767711BC9B08E70C145E6F1005DFFA1DA70058CAF1475E4B8F2B2BD26E1CA080351E60307C65F1B |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 91600 |
| Entropy (8bit): | 6.123498339637911 |
| Encrypted: | false |
| SSDEEP: | 1536:eEP6mX7Hybas4R2PfbBqSwQ/mVa9aftoB4YE8dKVu/z+u:36m+b74RsbkSwQ/mVa9aftoB4Y/oo/zJ |
| MD5: | 3D747D8BF464744EECB91556D86DE11B |
| SHA1: | 584F340776412F77F04DE06EE04348EF823D5097 |
| SHA-256: | B1AF3A551A7E2D9FB640773197A00F6970A2B9C6699B0C786059A37453D5D12C |
| SHA-512: | 2C54688279CCD06908831B203855F4C82228FBF11508ABEE1BA23B14EFE14CD7B6AE4DF9DB7972F88CEA29760FE76F13B11B81AA60B3C46B364D606771E85379 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 120196 |
| Entropy (8bit): | 6.011827637054103 |
| Encrypted: | false |
| SSDEEP: | 1536:zsV4waPQATR26yK8rdDXlvgMCkXRosRV24+DbOR91pJq8Q7AjtOn2/SVAOYfrbrK:znw2RqTdhEcRVxCbG9D8cjtOn2/fFs |
| MD5: | 7F690E503A254E0B8349AEC0177E07AA |
| SHA1: | 127F241871A9FE42CD8D073A0835410F3824D57C |
| SHA-256: | 7AE714B63C2C8B940BDD211A0CC678F01168A34EEA8AA13C0DF25364F29238A7 |
| SHA-512: | 329B4FCD0CBB804324A2A0E41542B64949208CFFB18D38AF50A7CCBAA007C0BAF2B241A8077B4DB0F6E97385E65ADA7D73F6D06A5E55411D549B5A3BF29CD641 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4407 |
| Entropy (8bit): | 4.977462990679356 |
| Encrypted: | false |
| SSDEEP: | 96:66nPUibMxxUDfGkKnjfRU88f+BktjVKvR1wyQeQHDZoN:69sMPZW88f+XvR9QHtE |
| MD5: | 39591640D6982378C43EBA1DB4B68E12 |
| SHA1: | 76897B37E127E2332A1A79AAB2E0D6F30CCDC47A |
| SHA-256: | 74BA064D03F1F1C4A952DA936C3EB71866C34404916734DE3CAE73B34357E59E |
| SHA-512: | 0642DFAA45C5E189E2B21DA1961E348CB5F601B81FC601E8FEBFBA51FA49F8CCE416EFD39E442DC2B3DFBA8AC8FCFF3C1D0BBED74CFC834A7A1E30322D870B16 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50422 |
| Entropy (8bit): | 3.600862091495117 |
| Encrypted: | false |
| SSDEEP: | 384:htZ9nyjy/JcndwvdPyFOIeyC8CQaDGsNAscjbNWMW2vkVF8+esajrvDELFCZSH4s:jZ9yjyBcndwvpyFxF58wjENcYkSJKnU |
| MD5: | 34D34A8ED673BAD66B456E1BC1A4260C |
| SHA1: | E88BF53F445D6705325EF17BC6512A353EA7189A |
| SHA-256: | 05022FC6D9EBC1E5E1516BE75FEA0BCA0A55C0CF884AE30E70E27ECCC94A9F98 |
| SHA-512: | B27EE6D5103E32018074217C8E91DA9FC8CF3A39C0AE3437ABFB0171846F359D6DB4AFF2DCDEA21054522FEC3801D18512DD2772B722787DC291CFC8685B51CA |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49660 |
| Entropy (8bit): | 3.4178172579705404 |
| Encrypted: | false |
| SSDEEP: | 384:I4PwZ9VyVHULA9ZEAU4ZATWtwoOzOaXnsm34K1qZEk1FVFjiFHARGMZqivCW6cWi:dwZ3yV2A9fU4KCeqy1LMkfexF |
| MD5: | 35E804ED8943C2D335AE01EFD6D15B5A |
| SHA1: | A7A188ED035341861A5D6409AD6AD6621D6C3DB4 |
| SHA-256: | 7ADA050A0DAFFC7D13887BBC18E27EA1B51425645A3C5D274B2A74E3EA0CE2FC |
| SHA-512: | 35D6E6451AD1AADD20E0997C65BC3EF64D9EDC8F32622D1339974415E132DBF1ED1CFAFB17E6716B890B72CEE0C659A69A8BE1D6A71310C432F79DCBF5C445A5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54846 |
| Entropy (8bit): | 3.456156512048811 |
| Encrypted: | false |
| SSDEEP: | 1536:z/gawzQve2KtKnQ7fQOaC13BcHfisd94c:z/gawzQve2KtKnQ7fQ+13BMfisd94c |
| MD5: | D1A17BDAFFB466998103CC03AB132E44 |
| SHA1: | 689E0A1A10BD371F48202B360A3482AB39F539F5 |
| SHA-256: | 80883A58CC3C4EDD98E5D931E57ADCC039FB0206FC884E763BE152BC2E231076 |
| SHA-512: | 112D0B630B9E2ADAFC66D5F746BEEFACDC95C50143702FD64DD12E00ECC90B54E91127C2937A259D1AD25C4D012259605788735D54DDE5692C41568E32E93DB2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51500 |
| Entropy (8bit): | 3.4068786988911266 |
| Encrypted: | false |
| SSDEEP: | 768:oeZKS2FyrtUmfmswq2GBb5qZ9/LCMG0Y+e5bhxf3:oDS2itqGBbgRCMKvbn/ |
| MD5: | 69C2CCC5BF10F64C877B066D03FF73AC |
| SHA1: | 6BAC182730A92CA63E4A1C5C73978DF95A176124 |
| SHA-256: | 935F9275B94F15C1AA8794F8F5463AB57F0EA3C75A16D4336137B9C1624ACE50 |
| SHA-512: | D81945FBAEDA1A2BABE4B10CED50C432E73CBD966EE6A8C2A0C6E43B8DCB535D2BD819F4AE94406E646408FCF22110DE1B11312F12CC261CC285FE5D700BF1A3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54096 |
| Entropy (8bit): | 3.3922298323026845 |
| Encrypted: | false |
| SSDEEP: | 768:sZ7X4iI19SznpMfPXXXy1Km1yGBVNF4I/6:cIspMfPXXC1fzB/FX/6 |
| MD5: | 4CC635AB43B5B64654D113C9EFA424A7 |
| SHA1: | 9C21F4F336C2B97C7A49ADFDB3B3E1861638E952 |
| SHA-256: | A38D6A58E6C4D9C8EFEA626C117BCDBB332CFB4A82E00182FC4E9DC6113FFD5B |
| SHA-512: | 817C4A374C0CAD235EB31DA874F647A4865CD68F54EB8EE95E8293E947B4FE0C5050F6F8E5285EB7D2ECECFD36BF3D856E18897657170BF592CD0E07623BC504 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50170 |
| Entropy (8bit): | 3.4294331449709876 |
| Encrypted: | false |
| SSDEEP: | 384:x0ZSu/W7ykC17fHDS+IvZlcXkM4dsAv5ZzDDDhBfxoGjAR/NNwYNYCR+vRBtaN5e:eZMyLDDlIe4Zv3zFsY3yDm |
| MD5: | CD886F1ABCDAE90A36C759ECC3DDD108 |
| SHA1: | 9868B056D268F323E671605CB195638B1241E703 |
| SHA-256: | 13AAA34FC331673041972CBEDC586E92AE08E1785931D74B2F6F8596A7F18896 |
| SHA-512: | 7C82BEABEA364BC7974BCE4E034296C9CA7C9A9AAD4B1844E7D7431B1C98376436A9ED32AEB25AA8B1A506A29791F5ED649F2CD2792AE7015FC9FF9D03FA7D6D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 55666 |
| Entropy (8bit): | 3.4330430664962557 |
| Encrypted: | false |
| SSDEEP: | 768:R+Zz+6r1QXNVthvKjD+0JPBvTEjg2nDm4E+KaV/KR9Q:ELghvKjD+oBvSpVEzax |
| MD5: | ACEFB237B6F363AED1C1E38A4DB13B25 |
| SHA1: | FC8900063269A81A3E55EB158052AEA4994FFB18 |
| SHA-256: | FCBF122BF86C07D506021B39D9518BA653F4CE7421E3BF9E4CC95DD259A43203 |
| SHA-512: | 91ED192B2D468F2BFC1FC2BFA2BF5E9A17AD8C9F42856E8411B9B741CE679936839B8A95684731D946E1A01018A3B45F3537A8F18EEBF0624877A4F697BDE50F |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54666 |
| Entropy (8bit): | 4.37817556742197 |
| Encrypted: | false |
| SSDEEP: | 384:GvUFGxfbO85Dl3HWg/HBy0SGCrOfyLr2fqDRJNUanFkJHtFL/A9QI6biIJ8d5uDK:tGxfbLpYN0IA1JHHLY94u9W4GwD |
| MD5: | 358E6A625A94CEADE289C099B02D0813 |
| SHA1: | DAADCCC746F56D630853DCC12196553719AD04F7 |
| SHA-256: | 259FA88C50681D3D288A62CCAB2AD7C37FF120506DD16BF0B15406A5CBA5D5CE |
| SHA-512: | FD8EEFD5FEA89AAF7219C561C3DF7CB9651C34DAFCB8EFB8016F2602F9E92E4121B17134462208F043481D08DC907BBCB1564895D0686EA9B757F4E0EC28AFB8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50412 |
| Entropy (8bit): | 3.391278707167974 |
| Encrypted: | false |
| SSDEEP: | 768:2CZkoEMZ5fjZhrYJQNffuRGW6PlDOWaND6ybfD5Ch1btddjIhh1ulimbb:cGdFcfDovs4x |
| MD5: | 885E07CC720D8EADA02D6BE8027C5666 |
| SHA1: | F1306E72464914EEDA749D2BCA320D5A469F081D |
| SHA-256: | 532A72D3C3E798475FFF44467064120CDE499809E96AAF5DCB61CEBFF3839C84 |
| SHA-512: | 2A64885E07CFAAA38239965F6BE8A5D847C686D20B6499E062F185B3F0F4FE6DC73498987013760027D06462A07B72373DA8E9C3091DA588383A8604A0D3C461 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39122 |
| Entropy (8bit): | 4.639330473443025 |
| Encrypted: | false |
| SSDEEP: | 768:ZhHjV2T581X1PWDGV7viqjSbwYiqG4+ahRtfixa:ZpVlqaLiqjPYiqG4+ahRtfixa |
| MD5: | 38CCFF74E55F7A0D86A0A862232D0F37 |
| SHA1: | 317BE3F8B93C7DD3EC216BA831D4D209051EBCC5 |
| SHA-256: | 7BEEE105F9AFEA096CBED05D4D2F2F6E008D079CB5B636039579059C4B765DCC |
| SHA-512: | 94F44D3964A71EF17043DC97BA908387F419658072C89D0F54CF96FC7CC754CC9440113D74B1D0A7597B9B5F7E39059C277AD3D5BD7BF15386C9F6215A7635E7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 38472 |
| Entropy (8bit): | 4.6322083170928074 |
| Encrypted: | false |
| SSDEEP: | 384:/dr0UxaIRBVsY00N3pH3kBKu0NT6ULRQNeO0b9FAv9CNRzKJWyPJ5oOsJAYrKVI:/CUxaIN100NJ3/T6UyAYkI7O |
| MD5: | A780E4AA7D209DE987178D2AF3917124 |
| SHA1: | 1B2A952FFAE630C7F78DED252F2440DC5A7BF3A5 |
| SHA-256: | 44CB8E9FEF66813562B801F7DBA434584FBAD85AC34942A6E51ACA898B5AD6C1 |
| SHA-512: | D091D45FC92ED263874B07FC7A9DF1BBCF2A54B4843C6938794D8353E501DFD030D215BD6F62382DF97ED3C2479FA3C39693ECB5C39E8DA1BE0D611C41095375 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49664 |
| Entropy (8bit): | 3.414876135531575 |
| Encrypted: | false |
| SSDEEP: | 768:PHtmINZV9yhLK2g2O0k4BjZQOVYQqOA+LV869ZR:PHtmI5ALK2OP40CYQqO786F |
| MD5: | E2FD0CAB6F1BF629F54A45F0A0954FE0 |
| SHA1: | 2B6B74E078BB75317ECE428A79F7461FCA766C41 |
| SHA-256: | B554AA9F1E2F5FD65DF7337474019CD834B0E9ABF60BFDA521AB8E75950858D6 |
| SHA-512: | B6B6C620128A020D3C572B9E597D78541533FF16C17A5D0FCCC9CB16D99E387FD64EE2F59564DF9DA1F1DA9A9F129C02F87DD093D1EE44AC21F03ABEFBABF971 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51234 |
| Entropy (8bit): | 3.5757156592155184 |
| Encrypted: | false |
| SSDEEP: | 768:X9ZCwhG1WS9+V33JbbXuyl+ZeRlo1dxb38GbsL:GWbIZeP0xb38GbsL |
| MD5: | B10A90474792DBB466E22120E524EA4A |
| SHA1: | 17E36AC22F4ABCCBD8261F276CACD7D1387B31CC |
| SHA-256: | 4195277825B17ADC3D6F01F9B55A5BEB039D3CED2C9D2A92593990880D3583CA |
| SHA-512: | EFC739B676F8DFBF2F7807864F74A7F87EAF7AC62EB7E268BC285C3820714941487568CAB9879D899D0F533E81F27B665C62203C531F7346A381DD7FF32A7247 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 53510 |
| Entropy (8bit): | 3.419487703240557 |
| Encrypted: | false |
| SSDEEP: | 768:VBLZBIKCZgFMJ7ftG2IQzlCKogW1d5SdnhwQC:VBMKCZF7k2IKlCKoguSdnhwb |
| MD5: | 9C93E708A41C93533362551562E54C0E |
| SHA1: | 26DC6BAD4063BB1B9C16EC3BEBDB10F1A3EDFD4F |
| SHA-256: | 716F161781D243CC2584232BDCAEAF727F74FA2B758315AB8A75CDAF9BE184DD |
| SHA-512: | 938D81663C145806186B7CE5C1900CD8B8091185BBD992156A435790E269D6260F2CFFFE7F762933F77B8E1413FCDC339F0BB4F46A59BBB15543D30D8CAEC6CB |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49016 |
| Entropy (8bit): | 4.270704756379873 |
| Encrypted: | false |
| SSDEEP: | 768:o+1hY08MCG5+HVEn3qQHwIfE2Db0Jx7WD1:tjqm3qyECIJ6 |
| MD5: | 4A0228DE7A4B96EA7A83E7C11C290A70 |
| SHA1: | 1B0BA95EF07BDF5F3DF8A18E06ED14FDFCB5B8D9 |
| SHA-256: | 5CF1F24AEEF0C5D0E171342D13593C4623484C55F8FE544A66E68C9B902AAA5E |
| SHA-512: | CAE205E84B458E7D225217BFB9A2D2E176FF6FD924226081CE9FE80929FBB13EA1AEB3AD8A9015ABDCD1AD79ED29CDD6862F68B214431056A2B3AB1916237EEA |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50578 |
| Entropy (8bit): | 3.4264722465972755 |
| Encrypted: | false |
| SSDEEP: | 384:oNZ/a6OIwdnyttzOSL8crB+NskPX2ZajbVbO9CbVg/XNEBBLaJdE/Z/WEZJ5ARhx:oNZC6OHdnmOSiPX2Wb29SLTuIKd |
| MD5: | 104758B214840F732BBF5FDDEAE10385 |
| SHA1: | 6E996C62815AE2E62162C5B6FC61AFC6AF3945AA |
| SHA-256: | BAAB9275A5B2E8B716CF73EC4E9A7CCE9B6318A231DF6A52AEA7EE4364202522 |
| SHA-512: | 4FA03AA207B13943C415B2BBEC61D84DD76E0058767A1E50CEF2ECEE43065BFF09116CD894C0F2ADF4863301C4DD9886553E76342F556FD2A5EAD04B053BF1DE |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50818 |
| Entropy (8bit): | 3.5964625626852618 |
| Encrypted: | false |
| SSDEEP: | 1536:fiUUqMgmoyfuleYcJ5ZF4aYcXb+isWtBYTjOQ7g1K1iHaokWQZdneFlQm:qUUqMHoyfuleYcJ5ZFacXb+isWtBMjOL |
| MD5: | 97488F5899D4A036D7F757958E864924 |
| SHA1: | 9A35314342580F59F4253F73EF5DA3DC18842AC5 |
| SHA-256: | 1DEB8EB87F9CCB1909AC7E00D275AD0B8404B9E75BF16F293430E9E6E96B96E9 |
| SHA-512: | 1E44AA1E83B91945E72C75742DAE336451B4D055A25605A21142B63DF42DD834BAFBBB47CF02CDB34095E3756EB18DD3C2397CECCD775F5B5CC08007B1549BDB |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 433405 |
| Entropy (8bit): | 4.64275199317527 |
| Encrypted: | false |
| SSDEEP: | 1536:GTcuDoA1NBh9v+00dt1rjYeyJ814AJvoR6QSvHJlov/fFK5dFKC7/KPRu+g+U6Nq:GTP/b+00mV/0RC4 |
| MD5: | 923C33B01C5030323870F10FFABA3FDB |
| SHA1: | 3117985C4A5572A796545626601DB53982B18A00 |
| SHA-256: | DE4E133112F49CB9A9299BB26750BD1334521E9DB414BE8E168AC9FBE9E461E8 |
| SHA-512: | 7CD8828E1CE90919F87F75000711F2741B53CEDA8A88D7646FB99FFC4720EE3A2E33997284C9C1C3BCED823D4C942F12D7334A417E882536082E6E41C3588887 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1252608 |
| Entropy (8bit): | 6.849057121567248 |
| Encrypted: | false |
| SSDEEP: | 24576:vHYSVzcy9JHhxHYqGBfv7CwSW0SwTqKJq0V3pRe7m2nX+ugzu1G:wWzcyjHhx4qxOh0V3pBguy1G |
| MD5: | 26F50AC24BFCC919B692C1B03C3546B5 |
| SHA1: | 6DA9D55089737922E2E67E66AADA3DE2424C5663 |
| SHA-256: | 07F08000B5D434F7EF21B468BD1502DA7823EB7BA15266A3B6BCC92877B7910D |
| SHA-512: | 445FBC9B3E4A9E1F31C0D31FF77E3FA3AC30B5DEF6FA458635B7582D99D3C551BBA1587861FB335DD3528B13F60FC6FE7912AF78631F887EA599494BEBF297E8 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 912128 |
| Entropy (8bit): | 6.203643553136185 |
| Encrypted: | false |
| SSDEEP: | 12288:GyWq8D0V3hzCMq32qdsii94mpmZYvm3j81z9TrGQFFPERLwfzOIYvP0XJ:p60NIM6/aii9RmZYvG81z9TyoPEK/g |
| MD5: | E019499EB848BE1397A3900E9C3957C5 |
| SHA1: | 10C9108D163C7F054D51F347A9A3AA2CCDA6BF41 |
| SHA-256: | 17F7B2EBCEEBF01C2F8633A0293B65C003165C12E8CED9B1996DCC5A0CEC2C78 |
| SHA-512: | A76E848763C93A3A5454ECF624D89D25C8DB8D3C2D13EE4DC6D0B3A0FE380542073D5FFB909F48DD6982B57017859A0E1D13E96E69B3B3A5B7F2B9162F418768 |
| Malicious: | false |
| Yara Hits: |
|
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1191168 |
| Entropy (8bit): | 6.742301124847814 |
| Encrypted: | false |
| SSDEEP: | 24576:ZIfI8mB7k7u58tRIqQaSp11OHpkfwnJOvsuzs9LwmaUbZs:ZIgvyUYk1oO+9Lwm3Ns |
| MD5: | 9A02F6FE96EEBD97D5F10CF7D630BE54 |
| SHA1: | B806015F39DF408B42627AF5721460D4702EAF68 |
| SHA-256: | 5E24431576800C2FED82147CAEF76FF10D6B61AF3588C295226FDA23B0DB46C7 |
| SHA-512: | D569D062CD16F4DA9A97373705486B59C89558F5AB491D373F1C7450865757045CB705E9CFDD07BBA18F597F84B415FEC7E1B81DDAF3DAB0DD58F703AAC881EE |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246528 |
| Entropy (8bit): | 6.425523238071144 |
| Encrypted: | false |
| SSDEEP: | 3072:LWzfAQwIlcdCwM3ypapbIKi+DTJrDsUmBmeblip8vqkcfFQQka5JtrhreQ:STAWlcdk3LpbIR+prD0Bm6Gkai+JNkQ |
| MD5: | 2ADC3D68B6FDCFA88F3DBEAC8A249CFF |
| SHA1: | B604B3A9EFB281F39138BB9722FD831C08367759 |
| SHA-256: | BC52588D670AEEDC212E2CCAC55BACAF53DB3151F6697DFA307EEE9F9D1443AD |
| SHA-512: | 12AABEAA4FF181D76F9B0B5466565D729EE23D1C8FFDB47B0DD17E6E63CF4B4AD3DB6CA87AE644F73B617E897A633DA96750A0163A3CA65BC51B96F2AF92E870 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 155469 |
| Entropy (8bit): | 3.318516537058068 |
| Encrypted: | false |
| SSDEEP: | 768:gVlFAdCYcXKcqTglbsl7NNtXI9iG1Wxf8cEo6SaBHEU/o1UHM5AakpZI9WxYEP1C:gKCYcutQZ0d8xl9pGQ4P9WxRg |
| MD5: | 0634D28573D1B653E01FFF7281AD95BD |
| SHA1: | B062079806F03A6607A76894EE87E0AB2C158A1D |
| SHA-256: | 7D6BE0B2867800A61624BDD35CDF774EEEEA513F8054F63DF025DCCE04724A6E |
| SHA-512: | A0C06B71F3E3A8C8EED2C623577D1D47CB67D2B70749DB84062988DE50361C6E78DAE970C16BFD8068486313273ECE98C3F3C300B2F8B26A2AB9ED15ABA37C0F |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1647360 |
| Entropy (8bit): | 7.982436357222534 |
| Encrypted: | false |
| SSDEEP: | 49152:Lf8PIz+8Q05Tbp/6WQHswlxYNgnOijWqWc8Eil+DYMuj:LkwQ05f2Zl+ODjWq98EilnMuj |
| MD5: | 0AE91373BC5F90B02267A7EFEDB6C93D |
| SHA1: | 2883A3F7413488145DA751630598C1CEBE293D46 |
| SHA-256: | 8F2BF70C3E12945CAAA3F7040F4003A7CB0E2ED52FAFCFEB3E5F4EDB44BCA88B |
| SHA-512: | C563C894B6CC54FFF582669FE5B89B92C8AD676FF1F30BCBC9188158CDF43ED0E90E9B91419B7BFDB0C73D8C008D010A10944D7FFC446CF81BB4542BA92BB77A |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 313536 |
| Entropy (8bit): | 5.854124173737284 |
| Encrypted: | false |
| SSDEEP: | 3072:+weqOYEUXPnD/3n1wwDdbJEDzumxBoZIyr2EW3AC+OOU2HMVIuw1+P+lr8XIJCQ8:LEUXb/rDdbGbWn2S6FwXGXIkQ8 |
| MD5: | 59D0B979743885678094D11A9C1804BE |
| SHA1: | E2BC0DF8E40A5A7F3CE58E2D134D9D1902892A65 |
| SHA-256: | D579DF12DB8DA6A538977653DCE8C6BCA0CF90BAF5085E0CA8C5FAC29E16F396 |
| SHA-512: | CE1BEF3059AFC70B448775502F6C6BCE2B5DC957752E725EDB0D2AE2AB7DC2B188AAE61409800ADA761D61EBD36EA3AC792FD58C529AFC5E23836A8FC1AC5ECD |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 154553 |
| Entropy (8bit): | 3.298351102656855 |
| Encrypted: | false |
| SSDEEP: | 1536:8w/HXn1wwDfLL1gD2srl5cMiiXK7OueyJkk:L/3n1wwDdgDzuPJB |
| MD5: | E37ECF71663F47EA4F5BC7E5631C2C57 |
| SHA1: | 1B0474419B06464A4A25B65704763FA2D2B12B94 |
| SHA-256: | 31BC0E18416E627C2D0A2AC0F833BB9B48B572BFEE5054FC700C3152EA56C212 |
| SHA-512: | 4BD89433405930C9EAEB2730F003711B161FC96604007F1901985AAACC066F0D5662A3B308D95F23FA1C62B1D1309C12CF7E9D52B7B54EF54D1E9B04EB4FC20B |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 156522 |
| Entropy (8bit): | 3.745644683821359 |
| Encrypted: | false |
| SSDEEP: | 1536:cqKwEt7GNb9uGX0bO9nzD4ir1J250d8Er/:cqvv9u+N34+ki |
| MD5: | 1D16C0E5F3C080AE43F72F93A09D0F55 |
| SHA1: | 95955E03D4D468DCBF6ED087D79EB5E756BDAD94 |
| SHA-256: | 003B4D46DBFF3032CC4A2A22DAAC45B10E4FEE42358F43E102BCBC0EB1CCEAB3 |
| SHA-512: | F898A48E21835B5F7D32AC63AA5DFA1D974A5E3C222BCA4F1283219C14090B30AE83A57988B2958AB3988678873CED92735B4BF9E452EF841E5167D14BD913E2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1984 |
| Entropy (8bit): | 3.338922319240071 |
| Encrypted: | false |
| SSDEEP: | 24:8IKvdOEF8GnazYbUAmyGQdVAMdVldVkJ8HRVUUUNSReabwMb1m2:8IodO70jmQdbdfdaJGDAa0M5 |
| MD5: | F4D8F21EB3877463CEA4C4654DE6A078 |
| SHA1: | 6A94F58197D78B2B9E22238961563B260C63C817 |
| SHA-256: | 98E2652AF72FD0D6F2B9C837648CAD16C91991B00230F437AB360A4E4E01AAA0 |
| SHA-512: | 5A570F2ABFC5149AC5F37EB5079CFC6F0221E186362995556E63316A927594CB5A81CB71E0ACA3DDB9F8DE6573B4A40F8164472B4963B01610C1B460784E2BF7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1978 |
| Entropy (8bit): | 3.3274701122657016 |
| Encrypted: | false |
| SSDEEP: | 24:8f6KvdOE1gs8+OUAmyGddVAvdVYdVkENkJ89jVkENMUUAMabwMb1m2:8CodO3jmddodydSkkJaSk5Ya0M5 |
| MD5: | 7EFAB839FDF5F9FB3AC0511479866EEC |
| SHA1: | D5E16915928999F5D59E0D5B4B047CE61F9A5128 |
| SHA-256: | 835F845902CE083B67AF37D52ED112E3DEE537ADAF6F7F886C88DC59B79CF93F |
| SHA-512: | 90D312B72462B1304AF483CEC7FA1830B244C9BAB0CEC91289E9AC395ECBC04C4588679E172F8A72A01F37C8A98A99005B4B5ED1E07ABB739F0821D7B5F09514 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1960 |
| Entropy (8bit): | 3.318409416062875 |
| Encrypted: | false |
| SSDEEP: | 24:8UKvdOEF8Gs8+OUAmyGQdVAvdVYdVkENkJ89jVkENMUUAMabwMb1m2:8UodOajmQdodydSkkJaSk5Ya0M5 |
| MD5: | 93BBBA1362A2D05A78F98893B11AAC37 |
| SHA1: | 08FEF161D8F2DEE846BE03FA6418F70493F9A13A |
| SHA-256: | 5158919BA82D1403D695FD360889C1DD7EA924B7182389783F970DFB5FC851AD |
| SHA-512: | DD4E52C89A3BA93B2C63087FEADB503BF8CFBE88761DB96954DC48F2EB89B70380D91E311467AAA83B80FDA6550625798D2E2A477C6E0DEAF88FEEA9734F6B7B |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BJM855OV\driverfix_setup[1].zip 
Download File
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16309976 |
| Entropy (8bit): | 7.998518443152034 |
| Encrypted: | true |
| SSDEEP: | 393216:Ntv8cmcQHK4gy8AttwCH0yoDRPaIc1+8iMAFSfbiEaE:NlGpK4gyNt10FDRPaj1+9Sf7D |
| MD5: | 29C2D960995F48C81B46F1FA0C352B74 |
| SHA1: | FCEA8B5A68AE8475F10AC7D276ECFDFFA1EB3B2C |
| SHA-256: | 06AA0E486A8886DDD8D7BF810228FC02DEA46B8F4B60A40D3DD0201CDC156775 |
| SHA-512: | 45BE1DF5DB0F2E15E2E689D8B93FB4EA79F663E458E68AB632D0A146F49ABB7737BCB308EE7A6B31DBEECB68E721E082B12416895B5DECD9EE3E8167C8B4BFD5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 18410 |
| Entropy (8bit): | 3.362136772778397 |
| Encrypted: | false |
| SSDEEP: | 192:TBGer6YkEPst3jshCs/3/8VHKxDhLBjRTBDhWOTWfWrBrB7Bjx7B/dscTu65POcE:1r6Yfs3jYN38BOKfaqcT7YjU+1oly |
| MD5: | 9AA115062EC5F4A3E592E86BC7678B6B |
| SHA1: | 082D574235E03C7E3408B414FA0B935518ED9EBF |
| SHA-256: | BE6F59BD028E2746257A966E8F6CD32F0C418BF5FD00B136B9117C2C5A4017E0 |
| SHA-512: | 874035E8556C73D1E0DE5019FCD8040B460C022B72205E7974093CAC38C86C6C73F6AC94F9D3F5A6D792B57B16D21A58FC1F7E8FC4292E67AE896DE5F86948B0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65612 |
| Entropy (8bit): | 3.3051631427675336 |
| Encrypted: | false |
| SSDEEP: | 1536:ajNwGLYBOC9kujWOgmvCOzID5qGIAixjK6uo205cFjCn7/cRWnN9eDmNRJeV:ajNwGLYBOC9kujWOgmvCOzS5qGIAixjU |
| MD5: | 803078EB3D56797F674F615DA9376745 |
| SHA1: | 75CD838D485A0336979AA75B4318C19355162FC6 |
| SHA-256: | BFF5E152548178576DBDA0BF930F86062460BBC14E50ECEDA0A879AA1AC8668C |
| SHA-512: | 3FF073239811F122D29CA803B81F21A03245998CEAFC628D7F5278522A5FD77CC5DDE1801A76D427B1A361E770EB8FC4FC03E2434CDC001EE159255D36A9F9DF |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\cmd.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 64 |
| Entropy (8bit): | 4.3256481953738835 |
| Encrypted: | false |
| SSDEEP: | 3:4kFerEJHXAtQ/ZZaFI12WMMABGVcb:fFeSHXj/XaTWMacb |
| MD5: | DEA052A2AD11945B1960577C0192F2EB |
| SHA1: | 1D02626A05A546A90C05902B2551F32C20EB3708 |
| SHA-256: | 943B315E065238B7073B033F534EF954B6B6461FB3F03A3F5B8555B11BC4C0A2 |
| SHA-512: | 5496B10E2A77AEE11055D71BDAAED835DF1770E85FA4D0F9433330470BBCF76C932C04778A0B47F4193EEE14813DB2E2B19ECC50B4A6A193FAA19B4019705917 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66 |
| Entropy (8bit): | 4.487300847078025 |
| Encrypted: | false |
| SSDEEP: | 3:N1KdBLdzXQ4KTF7LtUlSdBiZbARALc:CXdzA4KzUlABcb0ALc |
| MD5: | 9F11D7B0D8A9094C85662AC83312CE81 |
| SHA1: | A62D0E4A77BFEBD2EA9A49F6A9BEE4541B385ACC |
| SHA-256: | 3B3F228515E697B1DF1F024DA279E9C7C255B46B3ED97513440F8F32A1397F2B |
| SHA-512: | 5F77EC3C4581AA20A39483B27B02C72A35E9456CA879BE2011C2481A57FA8A9C4AD172E73051A5084FC8CEBA54822E21F7A74E41AAA7444F3CA9F5B87FDA6C92 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4886 |
| Entropy (8bit): | 3.5984703969402934 |
| Encrypted: | false |
| SSDEEP: | 96:Xv66ZCEmUTHR1PUT7TZ8rLJ515/X8PUT4Gov:XvBQoR1P97/X8PN |
| MD5: | 6F71CBDED5BB00E28084C74CC3976440 |
| SHA1: | 3AC8E2F3E6D63A71C93A0FE74DF77F87ED780848 |
| SHA-256: | 719EA7D4B31E4D92FC5C385B3D2BCC35590F712A49170A8B0C95D644094910F0 |
| SHA-512: | B456AD1F2A13FD6B5113187159421F88B61D12F9F2016B8EEE792CAF97EA2869102DA63452F77D8CCFCE26B056F49F88C9F244480901B84DD9264669616BC62A |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 16309976 |
| Entropy (8bit): | 7.998518443152034 |
| Encrypted: | true |
| SSDEEP: | 393216:Ntv8cmcQHK4gy8AttwCH0yoDRPaIc1+8iMAFSfbiEaE:NlGpK4gyNt10FDRPaj1+9Sf7D |
| MD5: | 29C2D960995F48C81B46F1FA0C352B74 |
| SHA1: | FCEA8B5A68AE8475F10AC7D276ECFDFFA1EB3B2C |
| SHA-256: | 06AA0E486A8886DDD8D7BF810228FC02DEA46B8F4B60A40D3DD0201CDC156775 |
| SHA-512: | 45BE1DF5DB0F2E15E2E689D8B93FB4EA79F663E458E68AB632D0A146F49ABB7737BCB308EE7A6B31DBEECB68E721E082B12416895B5DECD9EE3E8167C8B4BFD5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 25313536 |
| Entropy (8bit): | 6.807030627753541 |
| Encrypted: | false |
| SSDEEP: | 196608:Z0po/J9NG1LmJSdRrEKmpcq2flhxd3atAvl5BY1gxes70A79qzzdgggtDhnEL+hu:SG/J61R/aAqNgxhA3zGggHE1J |
| MD5: | A1BD982107C6435DFE7E0199A1BE7570 |
| SHA1: | 7C8FCA8A2A1FBA0349B86556738ABD66B4AFE74D |
| SHA-256: | 4C0433C46A2FFA14D33CBF9F5D3DF5393FDEE609150BBE9A0768241F8A36255D |
| SHA-512: | 0243178D448835BFAAF242F0880C8125C1A1B612A682A96D48A4EA11D647C56FF61787722628014E036A106CCC6F601B9175FAED6EBF64960EC7AC327D4AF96B |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 114588 |
| Entropy (8bit): | 5.950191699592087 |
| Encrypted: | false |
| SSDEEP: | 3072:KPOwuRKsNJthXK3WsHmpbWlJGBVrfRV2xqKLE2fFBum0/3lZbi+QQQQQKS:KPMC8SxqKLEy |
| MD5: | 77D353744697C77955F9BACC7F3ED90A |
| SHA1: | 573229CBC4622190A38ADFF3D906E0C1466802BD |
| SHA-256: | 8B32BC539CA95DDA2D2206A43234B5F3B0FE964BD25966C860BC80EC7F06D702 |
| SHA-512: | A4252208B0CB258F249B6826A1ED920B8CB67ECC57DA60333812F3515E5B351C739CE5640E9715D9725E4946693306DAD6BA1CAB40F7BDBE006B113EDD5F41BC |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 111616 |
| Entropy (8bit): | 5.983778293335529 |
| Encrypted: | false |
| SSDEEP: | 1536:p4waKhBCYALFqzW3k2+OpmFNZbtTsCJ2O00gT2Qr6QS026z2iAAbODAh/:GwOgz2k4idJ2OhgTbrcybP/ |
| MD5: | 6C522F09EFC8B83271666585F9FC6BF0 |
| SHA1: | CE2095485C0274ED904E096B80448BC48F56C3BD |
| SHA-256: | 09660C19F1773A761B2E56A05B666813DFD6E6196B4AD9D85FF881F29A30E839 |
| SHA-512: | 8F25D2665E30B424DB930ABCBA0784B2B66DC1513833801524DFB213B574D3D4268D187814FBD228337C1EFEF6BA6AB7135A002CAB7FF09C1DD8BD226E28DAF4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 121788 |
| Entropy (8bit): | 6.037691185917485 |
| Encrypted: | false |
| SSDEEP: | 1536:Vq4wad5AcRreeCo3s7VVc9lZKuDUlURVDXKMM9my0D4YEHdiBSdRRsEbHIG12724:V3wCR5Cz7g9lZtwWRVCtTHdiYHTIh |
| MD5: | 44DFE8CC676882243911A3197A50169E |
| SHA1: | C330D59F3E64E07A2571C2BA4F4109B20A168F69 |
| SHA-256: | 14F7DE6B616950395062902EB8F70F01C0A901223DB5D40F2A05728AC4A830F6 |
| SHA-512: | 6C07F27F63408932138D5D5AA048793371F28EEF16521DDA4180BFBF33A5E69860B87E01C24CE53C85E66F5D07075B25AC1FF33AA5709486A0921BC19AEA9A58 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 120312 |
| Entropy (8bit): | 6.031445733585841 |
| Encrypted: | false |
| SSDEEP: | 3072:Cwi7dhZmpq2eWNyiavI78aiQBqPssssspzQIDQfe/:D2jQjeWNh7bqssssspo4 |
| MD5: | 1BA4767EE37AAB7E8D34FC339C3538CC |
| SHA1: | 2007F546660221940E9DC6B9A3CAE9B72FBE17AF |
| SHA-256: | 2101C00B9C973A666BF128B3A776A45DF7107BD29116079EE00541A8863D50CE |
| SHA-512: | 1701E2A7596748801C5A5B74DBB5E9948BD7D862988C273E4EE746DF29833BFB9E73BDEDDA0557C10250005A1B200C5ED702C7693F5D37376392D5EF1C3E397D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 115316 |
| Entropy (8bit): | 6.055113603904019 |
| Encrypted: | false |
| SSDEEP: | 3072:OX84kE1mqnhiiGX1Vkuc4uo3plHxFF0oBKkz:Os4kNqhnG4/obF7T |
| MD5: | DB15AC7981B2D2897D1A3C22892B5A51 |
| SHA1: | FA540E486CE62D6883201B0A545C4FACF2511253 |
| SHA-256: | 01EF8D755F412A945AA0B1221BFE98852200B549C4F16AAD377E49937A30BD2F |
| SHA-512: | B0036DFA1938B9E001A67A241358221FC3A805DAAB61C26EA00FA9C0FF5EACBC38EBF4536DDE74F72B32189A7A7721ED3C4CA69C703995DD9C55AA044C66705F |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 91460 |
| Entropy (8bit): | 6.009120867809845 |
| Encrypted: | false |
| SSDEEP: | 1536:qEP64g1WnZMwFbXkp3v8L1ZhzGGdY1VwJcjozWIzE9URfWrqmVlQAlpAFVd8ySJx:7Fg1rwFbL1zi0Y1VwJcjoq3aKFVbGFTu |
| MD5: | A567F4A8E101CB600004E09526A1A170 |
| SHA1: | 4E75EBFF548EF432BC417E8686D52FFB7C9CBE35 |
| SHA-256: | 95A84782E0797D27D079D9CC6AB9BB24EA67558953099BF4481C08E95B2AE70A |
| SHA-512: | 2D92A4FDF72F86F45044BE2A2F9D90A09CAB568BF02F79DB134A1B8F940D61AC500FB888136D902A6A16E12C0767F56EDB49EAC741D4730344BC4E7B81098A57 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 118352 |
| Entropy (8bit): | 6.041382213433709 |
| Encrypted: | false |
| SSDEEP: | 3072:SwCRbQGhMJ3eehZRVFckGYSEDdb/fNuue/:TGYDLpDZDw |
| MD5: | 56C4CB26FD6A48B9C0EBCC07B376EE38 |
| SHA1: | E4CEA8035A258A869A6139FBF74E6D0C247BD49B |
| SHA-256: | 1A63DDA1D2F019336E934E41D7FFA8F3E5F4CEE0EB6A0C4734827DBE09CE5015 |
| SHA-512: | 4528F40A06E28709FA301E2DD3B6BE26F075926F0983C3053D4ED83B892880E089792CAFF1348DD0D97C5FF92A3346E504A2B0A7D12D96B2232692BC08A3DFF0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 122524 |
| Entropy (8bit): | 6.027315404114728 |
| Encrypted: | false |
| SSDEEP: | 3072:A9r4kNemwt5uwwImc4m+IyMAzpGzmjsUmVFRYGxTNKswDIg44+PIJmront+Z9nn8:Ad4k2jlOGGseMKD |
| MD5: | 5B761F2D1E4259EA6AC7AB3EBF7F3C49 |
| SHA1: | 6EB95108FEF81BD8CFBF7E20D4CA0634E5989019 |
| SHA-256: | 05903540A0675491FDA9015A78C05BB589769951BEFAB12A58A5568175566B49 |
| SHA-512: | EFD53F275C701A2AA89068455F9A86F926CB73EACC45E3AB9767711BC9B08E70C145E6F1005DFFA1DA70058CAF1475E4B8F2B2BD26E1CA080351E60307C65F1B |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 91600 |
| Entropy (8bit): | 6.123498339637911 |
| Encrypted: | false |
| SSDEEP: | 1536:eEP6mX7Hybas4R2PfbBqSwQ/mVa9aftoB4YE8dKVu/z+u:36m+b74RsbkSwQ/mVa9aftoB4Y/oo/zJ |
| MD5: | 3D747D8BF464744EECB91556D86DE11B |
| SHA1: | 584F340776412F77F04DE06EE04348EF823D5097 |
| SHA-256: | B1AF3A551A7E2D9FB640773197A00F6970A2B9C6699B0C786059A37453D5D12C |
| SHA-512: | 2C54688279CCD06908831B203855F4C82228FBF11508ABEE1BA23B14EFE14CD7B6AE4DF9DB7972F88CEA29760FE76F13B11B81AA60B3C46B364D606771E85379 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 120196 |
| Entropy (8bit): | 6.011827637054103 |
| Encrypted: | false |
| SSDEEP: | 1536:zsV4waPQATR26yK8rdDXlvgMCkXRosRV24+DbOR91pJq8Q7AjtOn2/SVAOYfrbrK:znw2RqTdhEcRVxCbG9D8cjtOn2/fFs |
| MD5: | 7F690E503A254E0B8349AEC0177E07AA |
| SHA1: | 127F241871A9FE42CD8D073A0835410F3824D57C |
| SHA-256: | 7AE714B63C2C8B940BDD211A0CC678F01168A34EEA8AA13C0DF25364F29238A7 |
| SHA-512: | 329B4FCD0CBB804324A2A0E41542B64949208CFFB18D38AF50A7CCBAA007C0BAF2B241A8077B4DB0F6E97385E65ADA7D73F6D06A5E55411D549B5A3BF29CD641 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4407 |
| Entropy (8bit): | 4.977462990679356 |
| Encrypted: | false |
| SSDEEP: | 96:66nPUibMxxUDfGkKnjfRU88f+BktjVKvR1wyQeQHDZoN:69sMPZW88f+XvR9QHtE |
| MD5: | 39591640D6982378C43EBA1DB4B68E12 |
| SHA1: | 76897B37E127E2332A1A79AAB2E0D6F30CCDC47A |
| SHA-256: | 74BA064D03F1F1C4A952DA936C3EB71866C34404916734DE3CAE73B34357E59E |
| SHA-512: | 0642DFAA45C5E189E2B21DA1961E348CB5F601B81FC601E8FEBFBA51FA49F8CCE416EFD39E442DC2B3DFBA8AC8FCFF3C1D0BBED74CFC834A7A1E30322D870B16 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 433405 |
| Entropy (8bit): | 4.64275199317527 |
| Encrypted: | false |
| SSDEEP: | 1536:GTcuDoA1NBh9v+00dt1rjYeyJ814AJvoR6QSvHJlov/fFK5dFKC7/KPRu+g+U6Nq:GTP/b+00mV/0RC4 |
| MD5: | 923C33B01C5030323870F10FFABA3FDB |
| SHA1: | 3117985C4A5572A796545626601DB53982B18A00 |
| SHA-256: | DE4E133112F49CB9A9299BB26750BD1334521E9DB414BE8E168AC9FBE9E461E8 |
| SHA-512: | 7CD8828E1CE90919F87F75000711F2741B53CEDA8A88D7646FB99FFC4720EE3A2E33997284C9C1C3BCED823D4C942F12D7334A417E882536082E6E41C3588887 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50422 |
| Entropy (8bit): | 3.600862091495117 |
| Encrypted: | false |
| SSDEEP: | 384:htZ9nyjy/JcndwvdPyFOIeyC8CQaDGsNAscjbNWMW2vkVF8+esajrvDELFCZSH4s:jZ9yjyBcndwvpyFxF58wjENcYkSJKnU |
| MD5: | 34D34A8ED673BAD66B456E1BC1A4260C |
| SHA1: | E88BF53F445D6705325EF17BC6512A353EA7189A |
| SHA-256: | 05022FC6D9EBC1E5E1516BE75FEA0BCA0A55C0CF884AE30E70E27ECCC94A9F98 |
| SHA-512: | B27EE6D5103E32018074217C8E91DA9FC8CF3A39C0AE3437ABFB0171846F359D6DB4AFF2DCDEA21054522FEC3801D18512DD2772B722787DC291CFC8685B51CA |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49660 |
| Entropy (8bit): | 3.4178172579705404 |
| Encrypted: | false |
| SSDEEP: | 384:I4PwZ9VyVHULA9ZEAU4ZATWtwoOzOaXnsm34K1qZEk1FVFjiFHARGMZqivCW6cWi:dwZ3yV2A9fU4KCeqy1LMkfexF |
| MD5: | 35E804ED8943C2D335AE01EFD6D15B5A |
| SHA1: | A7A188ED035341861A5D6409AD6AD6621D6C3DB4 |
| SHA-256: | 7ADA050A0DAFFC7D13887BBC18E27EA1B51425645A3C5D274B2A74E3EA0CE2FC |
| SHA-512: | 35D6E6451AD1AADD20E0997C65BC3EF64D9EDC8F32622D1339974415E132DBF1ED1CFAFB17E6716B890B72CEE0C659A69A8BE1D6A71310C432F79DCBF5C445A5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54846 |
| Entropy (8bit): | 3.456156512048811 |
| Encrypted: | false |
| SSDEEP: | 1536:z/gawzQve2KtKnQ7fQOaC13BcHfisd94c:z/gawzQve2KtKnQ7fQ+13BMfisd94c |
| MD5: | D1A17BDAFFB466998103CC03AB132E44 |
| SHA1: | 689E0A1A10BD371F48202B360A3482AB39F539F5 |
| SHA-256: | 80883A58CC3C4EDD98E5D931E57ADCC039FB0206FC884E763BE152BC2E231076 |
| SHA-512: | 112D0B630B9E2ADAFC66D5F746BEEFACDC95C50143702FD64DD12E00ECC90B54E91127C2937A259D1AD25C4D012259605788735D54DDE5692C41568E32E93DB2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1252608 |
| Entropy (8bit): | 6.849057121567248 |
| Encrypted: | false |
| SSDEEP: | 24576:vHYSVzcy9JHhxHYqGBfv7CwSW0SwTqKJq0V3pRe7m2nX+ugzu1G:wWzcyjHhx4qxOh0V3pBguy1G |
| MD5: | 26F50AC24BFCC919B692C1B03C3546B5 |
| SHA1: | 6DA9D55089737922E2E67E66AADA3DE2424C5663 |
| SHA-256: | 07F08000B5D434F7EF21B468BD1502DA7823EB7BA15266A3B6BCC92877B7910D |
| SHA-512: | 445FBC9B3E4A9E1F31C0D31FF77E3FA3AC30B5DEF6FA458635B7582D99D3C551BBA1587861FB335DD3528B13F60FC6FE7912AF78631F887EA599494BEBF297E8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51500 |
| Entropy (8bit): | 3.4068786988911266 |
| Encrypted: | false |
| SSDEEP: | 768:oeZKS2FyrtUmfmswq2GBb5qZ9/LCMG0Y+e5bhxf3:oDS2itqGBbgRCMKvbn/ |
| MD5: | 69C2CCC5BF10F64C877B066D03FF73AC |
| SHA1: | 6BAC182730A92CA63E4A1C5C73978DF95A176124 |
| SHA-256: | 935F9275B94F15C1AA8794F8F5463AB57F0EA3C75A16D4336137B9C1624ACE50 |
| SHA-512: | D81945FBAEDA1A2BABE4B10CED50C432E73CBD966EE6A8C2A0C6E43B8DCB535D2BD819F4AE94406E646408FCF22110DE1B11312F12CC261CC285FE5D700BF1A3 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 912128 |
| Entropy (8bit): | 6.203643553136185 |
| Encrypted: | false |
| SSDEEP: | 12288:GyWq8D0V3hzCMq32qdsii94mpmZYvm3j81z9TrGQFFPERLwfzOIYvP0XJ:p60NIM6/aii9RmZYvG81z9TyoPEK/g |
| MD5: | E019499EB848BE1397A3900E9C3957C5 |
| SHA1: | 10C9108D163C7F054D51F347A9A3AA2CCDA6BF41 |
| SHA-256: | 17F7B2EBCEEBF01C2F8633A0293B65C003165C12E8CED9B1996DCC5A0CEC2C78 |
| SHA-512: | A76E848763C93A3A5454ECF624D89D25C8DB8D3C2D13EE4DC6D0B3A0FE380542073D5FFB909F48DD6982B57017859A0E1D13E96E69B3B3A5B7F2B9162F418768 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54096 |
| Entropy (8bit): | 3.3922298323026845 |
| Encrypted: | false |
| SSDEEP: | 768:sZ7X4iI19SznpMfPXXXy1Km1yGBVNF4I/6:cIspMfPXXC1fzB/FX/6 |
| MD5: | 4CC635AB43B5B64654D113C9EFA424A7 |
| SHA1: | 9C21F4F336C2B97C7A49ADFDB3B3E1861638E952 |
| SHA-256: | A38D6A58E6C4D9C8EFEA626C117BCDBB332CFB4A82E00182FC4E9DC6113FFD5B |
| SHA-512: | 817C4A374C0CAD235EB31DA874F647A4865CD68F54EB8EE95E8293E947B4FE0C5050F6F8E5285EB7D2ECECFD36BF3D856E18897657170BF592CD0E07623BC504 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50170 |
| Entropy (8bit): | 3.4294331449709876 |
| Encrypted: | false |
| SSDEEP: | 384:x0ZSu/W7ykC17fHDS+IvZlcXkM4dsAv5ZzDDDhBfxoGjAR/NNwYNYCR+vRBtaN5e:eZMyLDDlIe4Zv3zFsY3yDm |
| MD5: | CD886F1ABCDAE90A36C759ECC3DDD108 |
| SHA1: | 9868B056D268F323E671605CB195638B1241E703 |
| SHA-256: | 13AAA34FC331673041972CBEDC586E92AE08E1785931D74B2F6F8596A7F18896 |
| SHA-512: | 7C82BEABEA364BC7974BCE4E034296C9CA7C9A9AAD4B1844E7D7431B1C98376436A9ED32AEB25AA8B1A506A29791F5ED649F2CD2792AE7015FC9FF9D03FA7D6D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 55666 |
| Entropy (8bit): | 3.4330430664962557 |
| Encrypted: | false |
| SSDEEP: | 768:R+Zz+6r1QXNVthvKjD+0JPBvTEjg2nDm4E+KaV/KR9Q:ELghvKjD+oBvSpVEzax |
| MD5: | ACEFB237B6F363AED1C1E38A4DB13B25 |
| SHA1: | FC8900063269A81A3E55EB158052AEA4994FFB18 |
| SHA-256: | FCBF122BF86C07D506021B39D9518BA653F4CE7421E3BF9E4CC95DD259A43203 |
| SHA-512: | 91ED192B2D468F2BFC1FC2BFA2BF5E9A17AD8C9F42856E8411B9B741CE679936839B8A95684731D946E1A01018A3B45F3537A8F18EEBF0624877A4F697BDE50F |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54666 |
| Entropy (8bit): | 4.37817556742197 |
| Encrypted: | false |
| SSDEEP: | 384:GvUFGxfbO85Dl3HWg/HBy0SGCrOfyLr2fqDRJNUanFkJHtFL/A9QI6biIJ8d5uDK:tGxfbLpYN0IA1JHHLY94u9W4GwD |
| MD5: | 358E6A625A94CEADE289C099B02D0813 |
| SHA1: | DAADCCC746F56D630853DCC12196553719AD04F7 |
| SHA-256: | 259FA88C50681D3D288A62CCAB2AD7C37FF120506DD16BF0B15406A5CBA5D5CE |
| SHA-512: | FD8EEFD5FEA89AAF7219C561C3DF7CB9651C34DAFCB8EFB8016F2602F9E92E4121B17134462208F043481D08DC907BBCB1564895D0686EA9B757F4E0EC28AFB8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50412 |
| Entropy (8bit): | 3.391278707167974 |
| Encrypted: | false |
| SSDEEP: | 768:2CZkoEMZ5fjZhrYJQNffuRGW6PlDOWaND6ybfD5Ch1btddjIhh1ulimbb:cGdFcfDovs4x |
| MD5: | 885E07CC720D8EADA02D6BE8027C5666 |
| SHA1: | F1306E72464914EEDA749D2BCA320D5A469F081D |
| SHA-256: | 532A72D3C3E798475FFF44467064120CDE499809E96AAF5DCB61CEBFF3839C84 |
| SHA-512: | 2A64885E07CFAAA38239965F6BE8A5D847C686D20B6499E062F185B3F0F4FE6DC73498987013760027D06462A07B72373DA8E9C3091DA588383A8604A0D3C461 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 39122 |
| Entropy (8bit): | 4.639330473443025 |
| Encrypted: | false |
| SSDEEP: | 768:ZhHjV2T581X1PWDGV7viqjSbwYiqG4+ahRtfixa:ZpVlqaLiqjPYiqG4+ahRtfixa |
| MD5: | 38CCFF74E55F7A0D86A0A862232D0F37 |
| SHA1: | 317BE3F8B93C7DD3EC216BA831D4D209051EBCC5 |
| SHA-256: | 7BEEE105F9AFEA096CBED05D4D2F2F6E008D079CB5B636039579059C4B765DCC |
| SHA-512: | 94F44D3964A71EF17043DC97BA908387F419658072C89D0F54CF96FC7CC754CC9440113D74B1D0A7597B9B5F7E39059C277AD3D5BD7BF15386C9F6215A7635E7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 38472 |
| Entropy (8bit): | 4.6322083170928074 |
| Encrypted: | false |
| SSDEEP: | 384:/dr0UxaIRBVsY00N3pH3kBKu0NT6ULRQNeO0b9FAv9CNRzKJWyPJ5oOsJAYrKVI:/CUxaIN100NJ3/T6UyAYkI7O |
| MD5: | A780E4AA7D209DE987178D2AF3917124 |
| SHA1: | 1B2A952FFAE630C7F78DED252F2440DC5A7BF3A5 |
| SHA-256: | 44CB8E9FEF66813562B801F7DBA434584FBAD85AC34942A6E51ACA898B5AD6C1 |
| SHA-512: | D091D45FC92ED263874B07FC7A9DF1BBCF2A54B4843C6938794D8353E501DFD030D215BD6F62382DF97ED3C2479FA3C39693ECB5C39E8DA1BE0D611C41095375 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1191168 |
| Entropy (8bit): | 6.742301124847814 |
| Encrypted: | false |
| SSDEEP: | 24576:ZIfI8mB7k7u58tRIqQaSp11OHpkfwnJOvsuzs9LwmaUbZs:ZIgvyUYk1oO+9Lwm3Ns |
| MD5: | 9A02F6FE96EEBD97D5F10CF7D630BE54 |
| SHA1: | B806015F39DF408B42627AF5721460D4702EAF68 |
| SHA-256: | 5E24431576800C2FED82147CAEF76FF10D6B61AF3588C295226FDA23B0DB46C7 |
| SHA-512: | D569D062CD16F4DA9A97373705486B59C89558F5AB491D373F1C7450865757045CB705E9CFDD07BBA18F597F84B415FEC7E1B81DDAF3DAB0DD58F703AAC881EE |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 246528 |
| Entropy (8bit): | 6.425523238071144 |
| Encrypted: | false |
| SSDEEP: | 3072:LWzfAQwIlcdCwM3ypapbIKi+DTJrDsUmBmeblip8vqkcfFQQka5JtrhreQ:STAWlcdk3LpbIR+prD0Bm6Gkai+JNkQ |
| MD5: | 2ADC3D68B6FDCFA88F3DBEAC8A249CFF |
| SHA1: | B604B3A9EFB281F39138BB9722FD831C08367759 |
| SHA-256: | BC52588D670AEEDC212E2CCAC55BACAF53DB3151F6697DFA307EEE9F9D1443AD |
| SHA-512: | 12AABEAA4FF181D76F9B0B5466565D729EE23D1C8FFDB47B0DD17E6E63CF4B4AD3DB6CA87AE644F73B617E897A633DA96750A0163A3CA65BC51B96F2AF92E870 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49664 |
| Entropy (8bit): | 3.414876135531575 |
| Encrypted: | false |
| SSDEEP: | 768:PHtmINZV9yhLK2g2O0k4BjZQOVYQqOA+LV869ZR:PHtmI5ALK2OP40CYQqO786F |
| MD5: | E2FD0CAB6F1BF629F54A45F0A0954FE0 |
| SHA1: | 2B6B74E078BB75317ECE428A79F7461FCA766C41 |
| SHA-256: | B554AA9F1E2F5FD65DF7337474019CD834B0E9ABF60BFDA521AB8E75950858D6 |
| SHA-512: | B6B6C620128A020D3C572B9E597D78541533FF16C17A5D0FCCC9CB16D99E387FD64EE2F59564DF9DA1F1DA9A9F129C02F87DD093D1EE44AC21F03ABEFBABF971 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 51234 |
| Entropy (8bit): | 3.5757156592155184 |
| Encrypted: | false |
| SSDEEP: | 768:X9ZCwhG1WS9+V33JbbXuyl+ZeRlo1dxb38GbsL:GWbIZeP0xb38GbsL |
| MD5: | B10A90474792DBB466E22120E524EA4A |
| SHA1: | 17E36AC22F4ABCCBD8261F276CACD7D1387B31CC |
| SHA-256: | 4195277825B17ADC3D6F01F9B55A5BEB039D3CED2C9D2A92593990880D3583CA |
| SHA-512: | EFC739B676F8DFBF2F7807864F74A7F87EAF7AC62EB7E268BC285C3820714941487568CAB9879D899D0F533E81F27B665C62203C531F7346A381DD7FF32A7247 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 53510 |
| Entropy (8bit): | 3.419487703240557 |
| Encrypted: | false |
| SSDEEP: | 768:VBLZBIKCZgFMJ7ftG2IQzlCKogW1d5SdnhwQC:VBMKCZF7k2IKlCKoguSdnhwb |
| MD5: | 9C93E708A41C93533362551562E54C0E |
| SHA1: | 26DC6BAD4063BB1B9C16EC3BEBDB10F1A3EDFD4F |
| SHA-256: | 716F161781D243CC2584232BDCAEAF727F74FA2B758315AB8A75CDAF9BE184DD |
| SHA-512: | 938D81663C145806186B7CE5C1900CD8B8091185BBD992156A435790E269D6260F2CFFFE7F762933F77B8E1413FCDC339F0BB4F46A59BBB15543D30D8CAEC6CB |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1647360 |
| Entropy (8bit): | 7.982436357222534 |
| Encrypted: | false |
| SSDEEP: | 49152:Lf8PIz+8Q05Tbp/6WQHswlxYNgnOijWqWc8Eil+DYMuj:LkwQ05f2Zl+ODjWq98EilnMuj |
| MD5: | 0AE91373BC5F90B02267A7EFEDB6C93D |
| SHA1: | 2883A3F7413488145DA751630598C1CEBE293D46 |
| SHA-256: | 8F2BF70C3E12945CAAA3F7040F4003A7CB0E2ED52FAFCFEB3E5F4EDB44BCA88B |
| SHA-512: | C563C894B6CC54FFF582669FE5B89B92C8AD676FF1F30BCBC9188158CDF43ED0E90E9B91419B7BFDB0C73D8C008D010A10944D7FFC446CF81BB4542BA92BB77A |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 49016 |
| Entropy (8bit): | 4.270704756379873 |
| Encrypted: | false |
| SSDEEP: | 768:o+1hY08MCG5+HVEn3qQHwIfE2Db0Jx7WD1:tjqm3qyECIJ6 |
| MD5: | 4A0228DE7A4B96EA7A83E7C11C290A70 |
| SHA1: | 1B0BA95EF07BDF5F3DF8A18E06ED14FDFCB5B8D9 |
| SHA-256: | 5CF1F24AEEF0C5D0E171342D13593C4623484C55F8FE544A66E68C9B902AAA5E |
| SHA-512: | CAE205E84B458E7D225217BFB9A2D2E176FF6FD924226081CE9FE80929FBB13EA1AEB3AD8A9015ABDCD1AD79ED29CDD6862F68B214431056A2B3AB1916237EEA |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50578 |
| Entropy (8bit): | 3.4264722465972755 |
| Encrypted: | false |
| SSDEEP: | 384:oNZ/a6OIwdnyttzOSL8crB+NskPX2ZajbVbO9CbVg/XNEBBLaJdE/Z/WEZJ5ARhx:oNZC6OHdnmOSiPX2Wb29SLTuIKd |
| MD5: | 104758B214840F732BBF5FDDEAE10385 |
| SHA1: | 6E996C62815AE2E62162C5B6FC61AFC6AF3945AA |
| SHA-256: | BAAB9275A5B2E8B716CF73EC4E9A7CCE9B6318A231DF6A52AEA7EE4364202522 |
| SHA-512: | 4FA03AA207B13943C415B2BBEC61D84DD76E0058767A1E50CEF2ECEE43065BFF09116CD894C0F2ADF4863301C4DD9886553E76342F556FD2A5EAD04B053BF1DE |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 50818 |
| Entropy (8bit): | 3.5964625626852618 |
| Encrypted: | false |
| SSDEEP: | 1536:fiUUqMgmoyfuleYcJ5ZF4aYcXb+isWtBYTjOQ7g1K1iHaokWQZdneFlQm:qUUqMHoyfuleYcJ5ZFacXb+isWtBMjOL |
| MD5: | 97488F5899D4A036D7F757958E864924 |
| SHA1: | 9A35314342580F59F4253F73EF5DA3DC18842AC5 |
| SHA-256: | 1DEB8EB87F9CCB1909AC7E00D275AD0B8404B9E75BF16F293430E9E6E96B96E9 |
| SHA-512: | 1E44AA1E83B91945E72C75742DAE336451B4D055A25605A21142B63DF42DD834BAFBBB47CF02CDB34095E3756EB18DD3C2397CECCD775F5B5CC08007B1549BDB |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1582788 |
| Entropy (8bit): | 5.384533460792663 |
| Encrypted: | false |
| SSDEEP: | 24576:dPT5ybKmQ7vVN1LCw1mY0K9uMjDoy2rjnDb7i:j/LFDPE+DWnDb2 |
| MD5: | 2E060942F2D3FC28C2F25D993527D2DE |
| SHA1: | 8EC2C42235BBA8C5BA350EAD5A31FEFE9404AC93 |
| SHA-256: | 7C85A76C65A84C2F054648ECA42FC8D4BF05CBA6210C979678233235B21A03B7 |
| SHA-512: | 7A0CDF88A539401A925EF2C64452B06B49DA94E7087F226F157330443CFD5B07D2EC0CC29324E8489BE626EA0E22273393A4C204C9D650096AB0AE84C6FF2918 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3584 |
| Entropy (8bit): | 4.092663993909117 |
| Encrypted: | false |
| SSDEEP: | 48:SHZXcnq/6OL06fKQdhmoal1TFa0hdljN2FeCHmdaUb8smBW:LnA6atfal1FrhgFejesmY |
| MD5: | E264D0F91103758BC5B088E8547E0EC1 |
| SHA1: | 24A94FF59668D18B908C78AFD2A9563DE2819680 |
| SHA-256: | 501B5935FE8E17516B324E3C1DA89773E689359C12263E9782F95836DBAB8B63 |
| SHA-512: | A533278355DEFD265EF713D4169F06066BE41DD60B0E7ED5340454C40AABC47AFA47C5CE4C0DBCD6CB8380E2B25DBB1762C3C996D11AC9F70AB9763182850205 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 45056 |
| Entropy (8bit): | 4.332705416182542 |
| Encrypted: | false |
| SSDEEP: | 384:w4NSXFjXCATBAQR4F1Y5u6I3wa4W7KNP66BjLjyXB0JyuDchv8EnohgSil2X:woaF+ATCQye/I3KWmxj00Jyb8Enov |
| MD5: | 0F96D9EB959AD4E8FD205E6D58CF01B8 |
| SHA1: | 7C45512CBDB24216AFD23A9E8CDCE0CFEAA7660F |
| SHA-256: | 57EDE354532937E38C4AE9DA3710EE295705EA9770C402DFB3A5C56A32FD4314 |
| SHA-512: | 9F3AFB61D75AC7B7DC84ABCBF1B04F759B7055992D46140DC5DCC269AED22268D044EE8030F5EA260BBB912774E5BBB751560C16E54EFA99C700B9FC7D48832C |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11264 |
| Entropy (8bit): | 5.729426875863261 |
| Encrypted: | false |
| SSDEEP: | 192:0N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Kx:rJoiO8V2upW7vQjS/ |
| MD5: | BF712F32249029466FA86756F5546950 |
| SHA1: | 75AC4DC4808AC148DDD78F6B89A51AFBD4091C2E |
| SHA-256: | 7851CB12FA4131F1FEE5DE390D650EF65CAC561279F1CFE70AD16CC9780210AF |
| SHA-512: | 13F69959B28416E0B8811C962A49309DCA3F048A165457051A28A3EB51377DCAF99A15E86D7EEE8F867A9E25ECF8C44DA370AC8F530EEAE7B5252EABA64B96F4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4096 |
| Entropy (8bit): | 3.2822595485467394 |
| Encrypted: | false |
| SSDEEP: | 48:Sydce6L4/SA/BL1wgtgh/hwqmDPyzIjFFS:EApLugyVhz2ZjFF |
| MD5: | C7CE0E47C83525983FD2C4C9566B4AAD |
| SHA1: | 38B7AD7BB32FFAE35540FCE373B8A671878DC54E |
| SHA-256: | 6293408A5FA6D0F55F0A4D01528EB5B807EE9447A75A28B5986267475EBCD3AE |
| SHA-512: | EE9F23EA5210F418D4C559628BBFB3A0F892440BCD5DC4C1901CB8E510078E4481EA8353B262795076A19055E70B88E08FEE5FB7E8F35A6F49022096408DF20E |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 80384 |
| Entropy (8bit): | 6.271334014902239 |
| Encrypted: | false |
| SSDEEP: | 1536:0o0RUqYnecKBiygONayX2PYnyBN1yksAPvTbhKJB:0/LZiCwyCVPnhM |
| MD5: | B757CD400E19C6722E721E27A6DB1CFD |
| SHA1: | 2E07F3A7B036C3C263049AF483721F88ECDB2C53 |
| SHA-256: | 26C8981D7E3CD8093C40BB7DA0C045E89F6DFC1A0888EFAAC9E22A555D763142 |
| SHA-512: | 9E4675F380D7B79AC0C2F59C8B38663710798F8EE19233AABBD9F5BA81B74901C4F7C0E3D982CCCA640CA240B631F889DAAD27160D3456ED7BB66FFE68E29E72 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 156296 |
| Entropy (8bit): | 6.830213277781043 |
| Encrypted: | false |
| SSDEEP: | 3072:Y4ZTX4mxLCmjJzJvZNq1xpr86w9ZE5jExOhst5sbZdMZQQl3uNp3v9WXLBaIfRKl:Y4ZTdFPjbvZAD26f5gxOh5cbl3uN1EXo |
| MD5: | 9B1F08D4582D53FAC245F0E9EF671F65 |
| SHA1: | 7EAA7E3D972E9ECCAB17CD7349AA7DCE70D082E4 |
| SHA-256: | AB73F342DA02B2BC2774BFBA16D5BFA227733543538E13866820E0C913F519D8 |
| SHA-512: | 85C71AA8965855B92DB39226ACB9C1B96DC73F6AF76EE7617484F3024162DE1C2A07BA9CBC4E27B642ADFCAD7A6D4FE224D8ED8FA3EF0C6CAB13561B8A6BD705 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 32256 |
| Entropy (8bit): | 5.5782631611632905 |
| Encrypted: | false |
| SSDEEP: | 768:FRci+9MscTJMR2+d8heiwhSruaFajMGbJDVVG08:Fg9sTJv+AVwhl25ci |
| MD5: | 5DA9DF435FF20853A2C45026E7681CEF |
| SHA1: | 39B1D70A7A03E7C791CB21A53D82FD949706A4B4 |
| SHA-256: | 9C52C74B8E115DB0BDE90F56382EBCC12AFF05EB2232F80A4701E957E09635E2 |
| SHA-512: | 4AB3B1572485A8A11863ADADA2C6EC01E809A4B09F99D80903C79A95B91F299B8F2CD6CCEAA915567E155A46291A33FB8CCB95141D76D4E7B0E040890D51D09F |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6656 |
| Entropy (8bit): | 5.800293106212402 |
| Encrypted: | false |
| SSDEEP: | 96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT |
| MD5: | 7059F133EA2316B9E7E39094A52A8C34 |
| SHA1: | EE9F1487C8152D8C42FECF2EFB8ED1DB68395802 |
| SHA-256: | 32C3D36F38E7E8A8BAFD4A53663203EF24A10431BDA16AF9E353C7D5D108610F |
| SHA-512: | 9115986754A74D3084DD18018E757D3B281A2C2FDE48C73B71DBA882E13BD9B2DED0E6E7F45DC5B019E6D53D086090CCB06E18E6EFEEC091F655A128510CBE51 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 85100 |
| Entropy (8bit): | 6.770749052227115 |
| Encrypted: | false |
| SSDEEP: | 1536:jV0yZ3/9lQG135+6y/kT314MD57QOgsr9XgfJvwCPhY6I6JZmZ:pZ3/9lT135+6y/kT314MVFgZI6GZ |
| MD5: | F0FA23518FFBCE35670A221181A5E8F0 |
| SHA1: | C9D62F4FC62B8CC0AD27BE0B47B9C1EF8958BF1E |
| SHA-256: | B7AE8BFB5F1C4D2DE1A3ADA61BEA3DB2738B6AF76F1C1FFC1E21D7154B153A35 |
| SHA-512: | 609A6022718C69C41EACFF05DF349586ADD49B0B319248AAD532A657612185ED7D6EF38AA5A46F7DD67E74B8E84543A742FC57C1058369F2CB394A72CA8734B1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9728 |
| Entropy (8bit): | 5.115973604853638 |
| Encrypted: | false |
| SSDEEP: | 192:SbEunjqjIcESwFlioU3M0LLF/t8t9pKSfOi:SbESjFCw6oWPFl8jfOi |
| MD5: | 4CCC4A742D4423F2F0ED744FD9C81F63 |
| SHA1: | 704F00A1ACC327FD879CF75FC90D0B8F927C36BC |
| SHA-256: | 416133DD86C0DFF6B0FCAF1F46DFE97FDC85B37F90EFFB2D369164A8F7E13AE6 |
| SHA-512: | 790C5EB1F8B297E45054C855B66DFC18E9F3F1B1870559014DBEFA3B9D5B6D33A993A9E089202E70F51A55D859B74E8605C6F633386FD9189B6F78941BF1BFDB |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6144 |
| Entropy (8bit): | 5.576605761495791 |
| Encrypted: | false |
| SSDEEP: | 96:M/SspqrIYxLPEQhThvov3TE4/2Sa5P9QFFYzOx4uF3sbSEI5LP39sQvM:M/QUG7lhvov36S5FcUjliSEI5LuQ |
| MD5: | 132E6153717A7F9710DCEA4536F364CD |
| SHA1: | E39BC82C7602E6DD0797115C2BD12E872A5FB2AB |
| SHA-256: | D29AFCE2588D8DD7BB94C00CA91CAC0E85B80FFA6B221F5FFCB83A2497228EB2 |
| SHA-512: | 9AEB0B3051CE07FB9F03DFEE7CEA4A5E423425E48CB538173BD2A167817F867A30BD4D27D07875F27CA00031745B24547030B7F146660B049FA717590F1C77E1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 90112 |
| Entropy (8bit): | 6.339509843820001 |
| Encrypted: | false |
| SSDEEP: | 1536:uPmnCuZs9reYWvAHvXhxQdJeY3tMCo9NTJwd6aimHr5jr5T51NT:uPmnCuZs9KoPX6rA9Nl2Rrt51h |
| MD5: | BD97D86D8BD07EBDC8EC662A3F31DFD5 |
| SHA1: | 5E2B3A1AF5EE53AB6D1D6C2CB8127ADD39EE7E82 |
| SHA-256: | C31B590CBA443DE87F0F4A81712F0883AC3B506F3868759D918D9A81F84EA922 |
| SHA-512: | 4575D1EA0D1B2F74DF74CAD94EAE7FDF31C513E5DC6D945E81E0873B99F94A5D81B1C385C71AB79A19E5BB6C00FC5FFFEC7A3BBFD60AD7DE312CBB53D8BCCE9A |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10752 |
| Entropy (8bit): | 5.807405593424725 |
| Encrypted: | false |
| SSDEEP: | 192:83fHQmgb2DOJi22H/+zNXdA5uv4bunXuDYuzumJucuVuXfugutbHvr:83fwVriWAWiQXWYKPRGaHubH |
| MD5: | 867AF9BEA8B24C78736BF8D0FDB5A78E |
| SHA1: | 05839FAD98AA2BCD9F6ECB22DE4816E0C75BF97D |
| SHA-256: | 732164FB36F46DD23DAFB6D7621531E70F1F81E2967B3053727EC7B5492D0AE9 |
| SHA-512: | B7F54D52FF08B29A04B4F5887E6E3AE0E74FA45A86E55E0A4D362BC3603426C42C1D6A0B2FC2EF574BEC0F6C7152DE756FF48415E37AE6A7A9C296303562DF4B |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 93 |
| Entropy (8bit): | 4.963154240889874 |
| Encrypted: | false |
| SSDEEP: | 3:oySlHSRAYzXHCHMT2bdv2Gvov:oyCHSvOL57vov |
| MD5: | 9DCF0C0666699AD6955951B1AA7A5705 |
| SHA1: | 2D5C6A95428D3B4D2557D46633623B13D0794302 |
| SHA-256: | DF8EEDBCB16F75528DF06C983C3B13BE6EF0895989BE40FFC106279AC4017D88 |
| SHA-512: | CCB5883DE6A8621E6CAB6CA0B69747C178E221B33C141DAED0A5721965898FDFB52D26B3A6C20B8210E644DF71397AF70A21172D523E198B1ADFB47E11411B24 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 405 |
| Entropy (8bit): | 5.259794659720277 |
| Encrypted: | false |
| SSDEEP: | 12:EEy2i6o/xdH3qgIMrffd+49ZBXEaNbNgMkYmgwvtay8tay:Eh2i6oZIjMrffd+8ZBXE+bNgMp0dkay |
| MD5: | CE83E68612E0E60EFD910B36214E219B |
| SHA1: | 26102D34232C356D38FF6366DD923D07FF979DDB |
| SHA-256: | 562BA3F2CEF619DD6A3BC8DCF9F4D796A8A85C7468A8B75886E0EB0F47C10D9D |
| SHA-512: | 97D5957F6CD357C099B7721E2EC971DD81E3939BA7D1F1F6CEBDFA65E5C858CAD9FADACE52620FBEA6B48C093BD1EBBCBF8AE24DC7122E7FD3092BB613566694 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12844 |
| Entropy (8bit): | 7.9748734470026035 |
| Encrypted: | false |
| SSDEEP: | 192:E9ZVLaHiUcmmqrv1pyMz/NLzvzrJBepn96JmU86DYVtkqknJj8:E9XscmbaMNv+p96QJ1kqgJo |
| MD5: | DB02C52E87124969EB5EF4076D89076A |
| SHA1: | 605655E744FE8F73595D312ACD5442B2F4EF44B4 |
| SHA-256: | 20148573FABA66E483918485118EAB0C807278AD6824BB767D4F63296F268FA5 |
| SHA-512: | CEB69196C818C15F0938D25D57C8AA75474739D5F3596156C748575A61DA5714F7296E079CB1EDAD7AA41A8659B6F31F78B90CF092BF3142F832C786E467FFEB |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.302062958880891 |
| TrID: |
|
| File name: | driverfixwebdl-8986694551.exe |
| File size: | 717928 |
| MD5: | bb1d489eb833e8ea9c35ae9ab043e619 |
| SHA1: | 7a0c432b79c2e723c14f0d721a2dee3d29a29299 |
| SHA256: | 0b252685009906aa54b8bc36fa8cb3322a59badfcc5853fc60bfdf2914ee2f0c |
| SHA512: | 566ad27480dee2d5c40cfc44c3224996a8b3994e4eded5157a8eaf608dc33a50f05cc0cb8c30c9f3fb3c522206204c63e4ea4812599df87f5025df2a8355308d |
| SSDEEP: | 12288:LEpJPxOcmmiLy0megd58i/4mIIwKl8jU++N6Tcin1iWuoWXMylb:LoxJmR+l5xAmIElXxOcin1iz35b |
| TLSH: | 80E4F00997B0E471D9920F7325A5C2710BFBACB008938176EAC4BECBF9F16D751B8619 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................p.......B...9..... |
 | |
| Icon Hash: | a6e4cfc78687cdea |
| Entrypoint: | 0x4039e3 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x4F47E2DF [Fri Feb 24 19:19:59 2012 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 32f3282581436269b3a75b6675fe3e08 |
| Signature Valid: | true |
| Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
| Signature Validation Error: | The operation completed successfully |
| Error Number: | 0 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 113DC42C0ECFC87C91DF28F56464BFB7 |
| Thumbprint SHA-1: | 866A6EAA1FFA6AC7660A0AD7E96DEE20A38352B8 |
| Thumbprint SHA-256: | B2CEEB60E2C45E6A17373FF7D631C988BD172013952E94632D328B2E9C341FF1 |
| Serial: | 07482A0A85525AF0CBA8DB08F39A0D19 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push ebp |
| push esi |
| push edi |
| push 00000020h |
| xor ebp, ebp |
| pop esi |
| mov dword ptr [esp+18h], ebp |
| mov dword ptr [esp+10h], 004091D8h |
| mov dword ptr [esp+14h], ebp |
| call dword ptr [00408030h] |
| push 00008001h |
| call dword ptr [004080B8h] |
| push ebp |
| call dword ptr [004082C0h] |
| push 00000008h |
| mov dword ptr [00472EB8h], eax |
| call 00007FEC40E9448Ch |
| push ebp |
| push 000002B4h |
| mov dword ptr [00472DD0h], eax |
| lea eax, dword ptr [esp+38h] |
| push eax |
| push ebp |
| push 0040931Ch |
| call dword ptr [00408184h] |
| push 00409304h |
| push 0046ADC0h |
| call 00007FEC40E9416Eh |
| call dword ptr [004080B4h] |
| push eax |
| mov edi, 004C30A0h |
| push edi |
| call 00007FEC40E9415Ch |
| push ebp |
| call dword ptr [00408134h] |
| cmp word ptr [004C30A0h], 0022h |
| mov dword ptr [00472DD8h], eax |
| mov eax, edi |
| jne 00007FEC40E91A5Ah |
| push 00000022h |
| pop esi |
| mov eax, 004C30A2h |
| push esi |
| push eax |
| call 00007FEC40E93E31h |
| push eax |
| call dword ptr [00408260h] |
| mov esi, eax |
| mov dword ptr [esp+1Ch], esi |
| jmp 00007FEC40E91AE3h |
| push 00000020h |
| pop ebx |
| cmp ax, bx |
| jne 00007FEC40E91A5Ah |
| add esi, 02h |
| cmp word ptr [esi], bx |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9b64 | 0xb4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c4000 | 0x277c5 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xabf68 | 0x3500 | .ndata |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7a000 | 0x9b8 | .ndata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6f10 | 0x7000 | False | 0.6574009486607143 | data | 6.497884651859417 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x2a92 | 0x2c00 | False | 0.353515625 | data | 4.393893650965181 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xb000 | 0x67ebc | 0x200 | False | 0.1953125 | data | 1.472782260995971 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x73000 | 0x151000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x1c4000 | 0x277c5 | 0x27800 | False | 0.2750135977056962 | data | 3.3908581399659514 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x1ec000 | 0xf8a | 0x1000 | False | 0.147216796875 | data | 1.5575337022779716 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x1c4418 | 0x10828 | data | English | United States |
| RT_ICON | 0x1d4c40 | 0x94a8 | data | English | United States |
| RT_ICON | 0x1de0e8 | 0x4c47 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x1e2d30 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 33611916 | English | United States |
| RT_ICON | 0x1e6f58 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 268435456, next used block 0 | English | United States |
| RT_ICON | 0x1e9500 | 0x988 | data | English | United States |
| RT_ICON | 0x1e9e88 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_DIALOG | 0x1ea2f0 | 0x200 | data | English | United States |
| RT_DIALOG | 0x1ea4f0 | 0xf8 | data | English | United States |
| RT_DIALOG | 0x1ea5e8 | 0xee | data | English | United States |
| RT_DIALOG | 0x1ea6d8 | 0x1f8 | data | English | United States |
| RT_DIALOG | 0x1ea8d0 | 0xf0 | data | English | United States |
| RT_DIALOG | 0x1ea9c0 | 0xe6 | data | English | United States |
| RT_DIALOG | 0x1eaaa8 | 0x1ec | data | English | United States |
| RT_DIALOG | 0x1eac94 | 0xe4 | data | English | United States |
| RT_DIALOG | 0x1ead78 | 0xda | data | English | United States |
| RT_GROUP_ICON | 0x1eae54 | 0x68 | data | English | United States |
| RT_VERSION | 0x1eaebc | 0x354 | data | ||
| RT_MANIFEST | 0x1eb210 | 0x5b5 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, CloseHandle, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrcpynA |
| USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW |
| GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject |
| SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation |
| ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW |
| COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
| ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
| VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jun 20, 2022 17:58:28.395648003 CEST | 49782 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:58:28.512341976 CEST | 80 | 49782 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:58:28.512583971 CEST | 49782 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:58:28.513159037 CEST | 49782 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:58:28.629653931 CEST | 80 | 49782 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:58:28.645494938 CEST | 80 | 49782 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:58:28.645711899 CEST | 49782 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:58:32.440176964 CEST | 49783 | 80 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 17:58:32.575826883 CEST | 80 | 49783 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 17:58:32.576056004 CEST | 49783 | 80 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 17:58:32.578567982 CEST | 49783 | 80 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 17:58:32.713993073 CEST | 80 | 49783 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 17:58:32.715631962 CEST | 80 | 49783 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 17:58:32.717540026 CEST | 49783 | 80 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 17:58:41.129033089 CEST | 80 | 49782 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:58:41.129224062 CEST | 49782 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:14.295217037 CEST | 49782 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:14.330374002 CEST | 49809 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:14.411650896 CEST | 80 | 49782 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:59:14.442914963 CEST | 80 | 49809 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:59:14.443108082 CEST | 49809 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:14.446357965 CEST | 49809 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:14.558926105 CEST | 80 | 49809 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:59:14.595802069 CEST | 80 | 49809 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:59:14.597029924 CEST | 49809 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:26.129271030 CEST | 80 | 49809 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:59:26.129452944 CEST | 49809 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:28.198978901 CEST | 49809 | 80 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:28.199069977 CEST | 49783 | 80 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 17:59:47.591789007 CEST | 49841 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:47.591845989 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:59:47.591974974 CEST | 49841 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:48.062629938 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 17:59:48.062720060 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 17:59:48.062860012 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 17:59:48.064311981 CEST | 49842 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 17:59:48.064335108 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 17:59:48.064424038 CEST | 49842 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.549093962 CEST | 49841 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.549124956 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.549843073 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:00.549894094 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.571474075 CEST | 49842 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.571516037 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.959575891 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.959697962 CEST | 49842 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.963025093 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.963187933 CEST | 49841 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.964982033 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.965128899 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:00.983810902 CEST | 49842 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.983845949 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.985268116 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.991717100 CEST | 49841 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.991741896 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.992121935 CEST | 49842 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.992260933 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:00.992314100 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.993264914 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.993371964 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:00.993673086 CEST | 49841 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:00.999866009 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:01.033926010 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.033932924 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.045962095 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.046092033 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:01.046125889 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.199615002 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.199687958 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.199768066 CEST | 49842 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:01.221267939 CEST | 49842 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:01.221309900 CEST | 443 | 49842 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.222686052 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.222821951 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.222930908 CEST | 49841 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:01.223704100 CEST | 49841 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:01.223728895 CEST | 443 | 49841 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.317298889 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.317462921 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:01.317606926 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:01.323338985 CEST | 49843 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:01.323369980 CEST | 443 | 49843 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:16.900768042 CEST | 49851 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:16.900826931 CEST | 443 | 49851 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:16.900955915 CEST | 49851 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:16.908797026 CEST | 49851 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:16.908881903 CEST | 443 | 49851 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:16.908989906 CEST | 49851 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:16.946149111 CEST | 49852 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:16.946201086 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:16.946356058 CEST | 49852 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:16.947025061 CEST | 49852 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:16.947051048 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.358485937 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.358664036 CEST | 49852 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:17.389072895 CEST | 49852 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:17.389122009 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.389763117 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.390240908 CEST | 49852 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:17.434020996 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.578967094 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.579063892 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.579140902 CEST | 49852 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:17.586761951 CEST | 49852 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:17.586785078 CEST | 443 | 49852 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.628128052 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:17.628158092 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.628261089 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:17.628854036 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:17.628868103 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.904273987 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.904409885 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:17.914721966 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:17.914746046 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.915934086 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.916425943 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:17.916692972 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:17.916737080 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.370552063 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.370631933 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.370759010 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:18.391277075 CEST | 49853 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:18.391304016 CEST | 443 | 49853 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.465774059 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:18.465809107 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.465919971 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:18.466681957 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:18.466694117 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.740077972 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.740197897 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:18.760632992 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:18.760674953 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.761241913 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.762691021 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:18.805906057 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:19.817365885 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:19.817444086 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:19.817493916 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:19.817548037 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:19.817583084 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:19.817604065 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:19.817609072 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:19.817676067 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:19.817691088 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:19.817749977 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:19.817809105 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:19.826666117 CEST | 49854 | 443 | 192.168.2.3 | 52.207.156.224 |
| Jun 20, 2022 18:00:19.826699018 CEST | 443 | 49854 | 52.207.156.224 | 192.168.2.3 |
| Jun 20, 2022 18:00:23.565037966 CEST | 49855 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:23.565076113 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:23.565195084 CEST | 49855 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:23.566545010 CEST | 49855 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:23.566555977 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:23.840740919 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:23.840918064 CEST | 49855 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:23.903707027 CEST | 49855 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:23.903743029 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:23.904393911 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:23.904788017 CEST | 49855 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:23.949915886 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.152652979 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.152741909 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.152856112 CEST | 49855 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:24.153563023 CEST | 49855 | 443 | 192.168.2.3 | 18.205.82.188 |
| Jun 20, 2022 18:00:24.153594017 CEST | 443 | 49855 | 18.205.82.188 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.391021013 CEST | 49856 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.391062021 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.391164064 CEST | 49856 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.399091959 CEST | 49857 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.399131060 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.399234056 CEST | 49857 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.400119066 CEST | 49857 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.400135994 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.400216103 CEST | 49856 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.400226116 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.755388021 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.755534887 CEST | 49856 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.770894051 CEST | 49856 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.770922899 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.771673918 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.772147894 CEST | 49856 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.813900948 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.883356094 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.883521080 CEST | 49857 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.897212029 CEST | 49857 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.897243023 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.898305893 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.898937941 CEST | 49857 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:24.945919991 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:25.014770985 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:25.014837980 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:25.014946938 CEST | 49856 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:25.015657902 CEST | 49856 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:25.015691996 CEST | 443 | 49856 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:25.202070951 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:25.202156067 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Jun 20, 2022 18:00:25.202224970 CEST | 49857 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:25.203006029 CEST | 49857 | 443 | 192.168.2.3 | 166.78.85.190 |
| Jun 20, 2022 18:00:25.203051090 CEST | 443 | 49857 | 166.78.85.190 | 192.168.2.3 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jun 20, 2022 17:58:28.357727051 CEST | 57091 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 17:58:28.375799894 CEST | 53 | 57091 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 17:58:32.403559923 CEST | 55106 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 17:58:32.438219070 CEST | 53 | 55106 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 17:58:33.370312929 CEST | 56270 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 17:59:47.415913105 CEST | 53889 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 17:59:47.437526941 CEST | 53 | 53889 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 17:59:47.846755981 CEST | 62229 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 17:59:47.846832991 CEST | 58064 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 17:59:47.864866972 CEST | 53 | 62229 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 17:59:47.871364117 CEST | 53 | 58064 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 18:00:16.838174105 CEST | 58216 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 18:00:16.857023954 CEST | 53 | 58216 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 18:00:16.922449112 CEST | 52768 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 18:00:16.940500975 CEST | 53 | 52768 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 18:00:17.606411934 CEST | 57965 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 18:00:17.627194881 CEST | 53 | 57965 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 18:00:18.415173054 CEST | 51791 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 18:00:18.439097881 CEST | 53 | 51791 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 18:00:23.470529079 CEST | 54695 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 18:00:23.491720915 CEST | 53 | 54695 | 1.1.1.1 | 192.168.2.3 |
| Jun 20, 2022 18:00:24.310794115 CEST | 50107 | 53 | 192.168.2.3 | 1.1.1.1 |
| Jun 20, 2022 18:00:24.328452110 CEST | 53 | 50107 | 1.1.1.1 | 192.168.2.3 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Jun 20, 2022 17:58:28.357727051 CEST | 192.168.2.3 | 1.1.1.1 | 0xccaa | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 17:58:32.403559923 CEST | 192.168.2.3 | 1.1.1.1 | 0x9d2d | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 17:58:33.370312929 CEST | 192.168.2.3 | 1.1.1.1 | 0xfe5d | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 17:59:47.415913105 CEST | 192.168.2.3 | 1.1.1.1 | 0x1cb3 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 17:59:47.846755981 CEST | 192.168.2.3 | 1.1.1.1 | 0x9833 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 17:59:47.846832991 CEST | 192.168.2.3 | 1.1.1.1 | 0xd17 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 18:00:16.838174105 CEST | 192.168.2.3 | 1.1.1.1 | 0xc147 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 18:00:16.922449112 CEST | 192.168.2.3 | 1.1.1.1 | 0x1fc4 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 18:00:17.606411934 CEST | 192.168.2.3 | 1.1.1.1 | 0xfa26 | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 18:00:18.415173054 CEST | 192.168.2.3 | 1.1.1.1 | 0x776a | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 18:00:23.470529079 CEST | 192.168.2.3 | 1.1.1.1 | 0xc38c | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jun 20, 2022 18:00:24.310794115 CEST | 192.168.2.3 | 1.1.1.1 | 0x9b96 | Standard query (0) | A (IP address) | IN (0x0001) |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Jun 20, 2022 17:58:28.375799894 CEST | 1.1.1.1 | 192.168.2.3 | 0xccaa | No error (0) | 166.78.85.190 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 17:58:32.438219070 CEST | 1.1.1.1 | 192.168.2.3 | 0x9d2d | No error (0) | driverfix-prod-web-1395277531.us-east-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
| Jun 20, 2022 17:58:32.438219070 CEST | 1.1.1.1 | 192.168.2.3 | 0x9d2d | No error (0) | 52.207.156.224 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 17:58:32.438219070 CEST | 1.1.1.1 | 192.168.2.3 | 0x9d2d | No error (0) | 18.205.82.188 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 17:58:33.407674074 CEST | 1.1.1.1 | 192.168.2.3 | 0xfe5d | No error (0) | cds.m3t5h2g3.hwcdn.net | CNAME (Canonical name) | IN (0x0001) | ||
| Jun 20, 2022 17:59:47.437526941 CEST | 1.1.1.1 | 192.168.2.3 | 0x1cb3 | No error (0) | 166.78.85.190 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 17:59:47.864866972 CEST | 1.1.1.1 | 192.168.2.3 | 0x9833 | No error (0) | 166.78.85.190 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 17:59:47.871364117 CEST | 1.1.1.1 | 192.168.2.3 | 0xd17 | No error (0) | driverfix-prod-web-1395277531.us-east-1.elb.amazonaws.com | CNAME (Canonical name) | IN (0x0001) | ||
| Jun 20, 2022 17:59:47.871364117 CEST | 1.1.1.1 | 192.168.2.3 | 0xd17 | No error (0) | 18.205.82.188 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 17:59:47.871364117 CEST | 1.1.1.1 | 192.168.2.3 | 0xd17 | No error (0) | 52.207.156.224 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:16.857023954 CEST | 1.1.1.1 | 192.168.2.3 | 0xc147 | No error (0) | 18.205.82.188 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:16.857023954 CEST | 1.1.1.1 | 192.168.2.3 | 0xc147 | No error (0) | 52.207.156.224 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:16.940500975 CEST | 1.1.1.1 | 192.168.2.3 | 0x1fc4 | No error (0) | 52.207.156.224 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:16.940500975 CEST | 1.1.1.1 | 192.168.2.3 | 0x1fc4 | No error (0) | 18.205.82.188 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:17.627194881 CEST | 1.1.1.1 | 192.168.2.3 | 0xfa26 | No error (0) | 18.205.82.188 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:17.627194881 CEST | 1.1.1.1 | 192.168.2.3 | 0xfa26 | No error (0) | 52.207.156.224 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:18.439097881 CEST | 1.1.1.1 | 192.168.2.3 | 0x776a | No error (0) | 52.207.156.224 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:18.439097881 CEST | 1.1.1.1 | 192.168.2.3 | 0x776a | No error (0) | 18.205.82.188 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:23.491720915 CEST | 1.1.1.1 | 192.168.2.3 | 0xc38c | No error (0) | 18.205.82.188 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:23.491720915 CEST | 1.1.1.1 | 192.168.2.3 | 0xc38c | No error (0) | 52.207.156.224 | A (IP address) | IN (0x0001) | ||
| Jun 20, 2022 18:00:24.328452110 CEST | 1.1.1.1 | 192.168.2.3 | 0x9b96 | No error (0) | 166.78.85.190 | A (IP address) | IN (0x0001) |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.3 | 49842 | 166.78.85.190 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.2.3 | 49841 | 166.78.85.190 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 10 | 192.168.2.3 | 49783 | 52.207.156.224 | 80 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| Jun 20, 2022 17:58:32.578567982 CEST | 1200 | OUT | |
| Jun 20, 2022 17:58:32.715631962 CEST | 1200 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 11 | 192.168.2.3 | 49809 | 166.78.85.190 | 80 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| Jun 20, 2022 17:59:14.446357965 CEST | 21701 | OUT | |
| Jun 20, 2022 17:59:14.595802069 CEST | 21703 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 2 | 192.168.2.3 | 49843 | 18.205.82.188 | 443 | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 3 | 192.168.2.3 | 49852 | 52.207.156.224 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 4 | 192.168.2.3 | 49853 | 18.205.82.188 | 443 | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 5 | 192.168.2.3 | 49854 | 52.207.156.224 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 6 | 192.168.2.3 | 49855 | 18.205.82.188 | 443 | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 7 | 192.168.2.3 | 49856 | 166.78.85.190 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 8 | 192.168.2.3 | 49857 | 166.78.85.190 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 9 | 192.168.2.3 | 49782 | 166.78.85.190 | 80 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| Jun 20, 2022 17:58:28.513159037 CEST | 1199 | OUT | |
| Jun 20, 2022 17:58:28.645494938 CEST | 1199 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.3 | 49842 | 166.78.85.190 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:00 UTC | 0 | OUT | |
| 2022-06-20 16:00:01 UTC | 1 | IN | |
| 2022-06-20 16:00:01 UTC | 1 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.2.3 | 49841 | 166.78.85.190 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:00 UTC | 0 | OUT | |
| 2022-06-20 16:00:01 UTC | 1 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 2 | 192.168.2.3 | 49843 | 18.205.82.188 | 443 | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:00 UTC | 0 | OUT | |
| 2022-06-20 16:00:01 UTC | 0 | OUT | |
| 2022-06-20 16:00:01 UTC | 1 | IN | |
| 2022-06-20 16:00:01 UTC | 1 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 3 | 192.168.2.3 | 49852 | 52.207.156.224 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:17 UTC | 2 | OUT | |
| 2022-06-20 16:00:17 UTC | 2 | IN | |
| 2022-06-20 16:00:17 UTC | 2 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 4 | 192.168.2.3 | 49853 | 18.205.82.188 | 443 | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:17 UTC | 2 | OUT | |
| 2022-06-20 16:00:17 UTC | 2 | OUT | |
| 2022-06-20 16:00:18 UTC | 12 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 5 | 192.168.2.3 | 49854 | 52.207.156.224 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:18 UTC | 13 | OUT | |
| 2022-06-20 16:00:19 UTC | 13 | IN | |
| 2022-06-20 16:00:19 UTC | 14 | IN | |
| 2022-06-20 16:00:19 UTC | 29 | IN | |
| 2022-06-20 16:00:19 UTC | 32 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 6 | 192.168.2.3 | 49855 | 18.205.82.188 | 443 | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:23 UTC | 32 | OUT | |
| 2022-06-20 16:00:24 UTC | 32 | IN | |
| 2022-06-20 16:00:24 UTC | 33 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 7 | 192.168.2.3 | 49856 | 166.78.85.190 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:24 UTC | 33 | OUT | |
| 2022-06-20 16:00:25 UTC | 34 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 8 | 192.168.2.3 | 49857 | 166.78.85.190 | 443 | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-06-20 16:00:24 UTC | 33 | OUT | |
| 2022-06-20 16:00:25 UTC | 34 | IN | |
| 2022-06-20 16:00:25 UTC | 34 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 2 |
| Start time: | 17:58:19 |
| Start date: | 20/06/2022 |
| Path: | C:\Users\user\Desktop\driverfixwebdl-8986694551.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 717928 bytes |
| MD5 hash: | BB1D489EB833E8EA9C35AE9AB043E619 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Target ID: | 6 |
| Start time: | 17:58:23 |
| Start date: | 20/06/2022 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x5d0000 |
| File size: | 236032 bytes |
| MD5 hash: | 4943BA1A9B41D69643F69685E35B2943 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Target ID: | 7 |
| Start time: | 17:58:24 |
| Start date: | 20/06/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff6a8820000 |
| File size: | 885760 bytes |
| MD5 hash: | C5E9B1D1103EDCEA2E408E9497A5A88F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Target ID: | 9 |
| Start time: | 17:58:25 |
| Start date: | 20/06/2022 |
| Path: | C:\Windows\SysWOW64\tasklist.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x3b0000 |
| File size: | 79360 bytes |
| MD5 hash: | F8D74B8779B1C59977779109410C8F4F |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Target ID: | 14 |
| Start time: | 17:59:16 |
| Start date: | 20/06/2022 |
| Path: | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 25313536 bytes |
| MD5 hash: | A1BD982107C6435DFE7E0199A1BE7570 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Yara matches: |
|
| Antivirus matches: |
|
| Reputation: | low |
| Target ID: | 15 |
| Start time: | 17:59:23 |
| Start date: | 20/06/2022 |
| Path: | C:\Program Files (x86)\DriverFix\DriverFix.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 25313536 bytes |
| MD5 hash: | A1BD982107C6435DFE7E0199A1BE7570 |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | Borland Delphi |
| Yara matches: |
|
| Reputation: | low |
Execution Graph
| Execution Coverage: | 21.5% |
| Dynamic/Decrypted Code Coverage: | 13.6% |
| Signature Coverage: | 17.4% |
| Total number of Nodes: | 1784 |
| Total number of Limit Nodes: | 50 |
Graph
Function 0040522D Relevance: 68.5, APIs: 36, Strings: 3, Instructions: 295windowclipboardmemoryCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 91% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004039E3 Relevance: 54.6, APIs: 22, Strings: 9, Instructions: 304filestringcomCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406DFC Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 59% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406966 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 73% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 64% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040761C Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406436 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004015A0 Relevance: 58.1, APIs: 15, Strings: 18, Instructions: 351sleepfilewindowCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 71% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004055D9 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 81% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A8C Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 233stringregistrylibraryCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 96% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A1F Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 185stringtimeCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 53% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 99% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402880 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 131registrystringCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 44% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004050D2 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004023F0 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 83libraryCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 51% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004033D2 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 107fileCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 94% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402238 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59synchronizationCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 46% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B23 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54memoryfilestringCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 87% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 83% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403550 Relevance: 7.6, APIs: 5, Instructions: 108fileCOMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 52% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004022FD Relevance: 7.6, APIs: 5, Instructions: 56memoryCOMMON
Download Yara Rule
| C-Code - Quality: 86% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040209F Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
Download Yara Rule
| C-Code - Quality: 76% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402665 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56stringCOMMON
Download Yara Rule
| C-Code - Quality: 95% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 68% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004064C6 Relevance: 6.0, APIs: 4, Instructions: 31memorylibraryloaderCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407A26 Relevance: 5.2, APIs: 4, Instructions: 238COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407C24 Relevance: 5.2, APIs: 4, Instructions: 211COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407473 Relevance: 5.2, APIs: 4, Instructions: 201COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004078B3 Relevance: 5.2, APIs: 4, Instructions: 179COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004079B5 Relevance: 5.2, APIs: 4, Instructions: 169COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407913 Relevance: 5.2, APIs: 4, Instructions: 166COMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407DC0 Relevance: 5.2, APIs: 4, Instructions: 156memoryCOMMON
Download Yara Rule
| C-Code - Quality: 98% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B9F Relevance: 4.6, APIs: 3, Instructions: 91fileCOMMON
Download Yara Rule
| C-Code - Quality: 74% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 89% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403E78 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 86% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004068DF Relevance: 3.1, APIs: 2, Instructions: 53stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42windowCOMMON
Download Yara Rule
| C-Code - Quality: 87% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004030A9 Relevance: 3.0, APIs: 2, Instructions: 22windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403DE3 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405FB0 Relevance: 3.0, APIs: 2, Instructions: 15fileCOMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405F90 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004039A1 Relevance: 2.5, APIs: 2, Instructions: 20COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 84% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403389 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403914 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406DC9 Relevance: 1.5, APIs: 1, Instructions: 17COMMON
Download Yara Rule
| C-Code - Quality: 75% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402AE4 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
Download Yara Rule
| C-Code - Quality: 16% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403E9F Relevance: 1.5, APIs: 1, Instructions: 10COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F0F Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403EF8 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004033BB Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403EE5 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404ADC Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 470windowmemoryCOMMONCrypto
Download Yara Rule
| C-Code - Quality: 97% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404605 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 300stringkeyboardCOMMON
Download Yara Rule
| C-Code - Quality: 79% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407033 Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 270filestringCOMMONCrypto
Download Yara Rule
| C-Code - Quality: 98% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E18 Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
Download Yara Rule
| C-Code - Quality: 43% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02521C88 Relevance: 77.3, APIs: 39, Strings: 5, Instructions: 345windowmemorystringCOMMON
Download Yara Rule
| C-Code - Quality: 86% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040650D Relevance: 70.3, APIs: 29, Strings: 11, Instructions: 256libraryloadermemoryCOMMON
Download Yara Rule
| C-Code - Quality: 64% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404218 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 210windowstringCOMMON
Download Yara Rule
| C-Code - Quality: 93% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406BFA Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 163filestringmemoryCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E55 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 103memoryfileCOMMON
Download Yara Rule
| C-Code - Quality: 96% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406248 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F2A Relevance: 12.1, APIs: 8, Instructions: 60COMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004049AE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403268 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040450D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 73stringCOMMON
Download Yara Rule
| C-Code - Quality: 48% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 91% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 42% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 84% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004027E3 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 60registryCOMMON
Download Yara Rule
| C-Code - Quality: 86% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404A2C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 58windowCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406385 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53stringCOMMON
Download Yara Rule
| C-Code - Quality: 94% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407359 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 43stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C8A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36filestringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402797 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D9F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406404 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405F16 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
Download Yara Rule
| C-Code - Quality: 100% |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F0840 Relevance: 7.7, Strings: 6, Instructions: 171COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F3810 Relevance: 3.9, Strings: 3, Instructions: 199COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F38CF Relevance: 2.6, Strings: 2, Instructions: 79COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F3BB0 Relevance: .2, Instructions: 192COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F47E0 Relevance: .0, Instructions: 41COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F1E70 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F0E70 Relevance: .0, Instructions: 33COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F1EEB Relevance: .0, Instructions: 32COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00480E44 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F01B0 Relevance: .0, Instructions: 15COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F1DF0 Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F52E8 Relevance: 5.1, Strings: 4, Instructions: 98COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 005F52F0 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
| Execution Coverage: | 3.7% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 7.2% |
| Total number of Nodes: | 222 |
| Total number of Limit Nodes: | 12 |
Graph
Function 02446AE4 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02460F70 Relevance: 3.0, APIs: 2, Instructions: 24fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02498DC8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 103registrylibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024BF6E4 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 52libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0247AD5C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 135windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0247A310 Relevance: 10.6, APIs: 7, Instructions: 89COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024A24D8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02479ADC Relevance: 6.1, APIs: 4, Instructions: 99COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02463DB0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02444E90 Relevance: 3.1, APIs: 2, Instructions: 125COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024A4354 Relevance: 3.1, APIs: 2, Instructions: 80COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024450C4 Relevance: 3.1, APIs: 2, Instructions: 68COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02479E98 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02449E8C Relevance: 3.0, APIs: 2, Instructions: 32COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02460C94 Relevance: 3.0, APIs: 2, Instructions: 16COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02442DE4 Relevance: 2.6, APIs: 2, Instructions: 55COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02444210 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024484E4 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024D5664 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024473C0 Relevance: 1.5, APIs: 1, Instructions: 32COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02446880 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024BEF94 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02460B24 Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024416D8 Relevance: 1.3, APIs: 1, Instructions: 38memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024CC2E8 Relevance: 7.6, APIs: 5, Instructions: 90fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0245C3D0 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0247AA48 Relevance: 4.5, APIs: 3, Instructions: 33synchronizationthreadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024B020E Relevance: 3.1, APIs: 2, Instructions: 107COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024946AC Relevance: 25.8, APIs: 17, Instructions: 258COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024AA424 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 54libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0244853C Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61windowregistryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024781AC Relevance: 18.5, APIs: 12, Instructions: 473COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02488310 Relevance: 16.6, APIs: 11, Instructions: 91COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0244E704 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024AA2CC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0246C5FC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024C66D8 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 23libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02484494 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 73libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0246C6D0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0246C7A4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024687E8 Relevance: 10.6, APIs: 7, Instructions: 66COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024C67C4 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0247C0A8 Relevance: 9.1, APIs: 6, Instructions: 99windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02444114 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024803BC Relevance: 7.7, APIs: 5, Instructions: 170COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024801FC Relevance: 7.6, APIs: 5, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0247AB5C Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0246CA44 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 024A867C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0246CAE0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0248EA2C Relevance: 6.3, APIs: 4, Instructions: 308COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02468630 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02488454 Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0247AAE8 Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02484674 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32keyboardCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |